Re: Full Request URI in access_log

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Apr 5, 2011 at 2:11 PM, Yehuda Katz <yehuda@xxxxxxxxxx> wrote:
On Tue, Apr 5, 2011 at 1:00 PM, Chad Morland <cmorland@xxxxxxxxx> wrote:
I've got a domain hosted on one of our servers that seems to be getting a ton of junk traffic from Bit Torrent clients.

The request that is showing up in my access_log is:

/announce...cedc031275%20430?info_hash=%CE%0Az%19%3C%3B~%84%2F.%8Cc%8A%DDyZ%C7%18%18%26&peer_id=-BC0109-%5E%02%B2%FDw%AB%19%DD%D9%BDxB&port=24668&natmapped=1&localip=192.168.1.11&port_type=wan&uploaded=0&downloaded=0&left=31457280&numwant=100&compact=1&no_peer_id=1&key=48054&event=started

As you can see the full URI is not displayed after "announce". What is causing this to be clipped? I've tried different LogFormat options but nothing seems to display the full URI.

You might be able to use "%U" for the URL without the query string and separately "%q" for the query string only.

- Y

I tried %U previously and I just tried it with %q as well. It looks like I am just getting the query string with %q but I still get "/announce...93d3fda523" for %U.

It's possible that this actually is the URL being requested. I've never seen apache condense log entries prevously so it may just be a screwy request. I guess I will try matching "/announce..." and see if it does block those requests.

Thanks for your help.


-CM
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux