strange encoded requests coming in to my server - like ' "\x80F\x01\x03\x01" ' ??

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Now finally able to host a website on my home static-IP ADSL connection, using Linux (FC-14) apache httpd-2.2.17-1.fc14.x86_64 ,
with "IP-passthrough" and "Full NAT" enabled on the ADSL router so it assigns my host its own WAN address ,
I'm seeing these strange entries in the access log :

117.241.90.130 - - [31/May/2011:07:11:21 +0000] "\xb6\xb3\xde\xa9\xb4q&\x1c\xe1\xb4eX\"7\xf1\xb4\x82\xd9\xd3\xce\x95\xf9|\x8f\xde\xb7\x1a\xe6\x92G3\xe84\x10]`\xc3" 501 354 "-" "-"
180.94.69.130 - - [31/May/2011:07:32:42 +0000] "\x80F\x01\x03\x01" 501 313 "-" "-"
89.73.88.177 - - [31/May/2011:08:11:26 +0000] "\x80F\x01\x03\x01" 501 313 "-" "-"
217.117.64.236 - - [31/May/2011:08:34:20 +0000] "\x80F\x01\x03\x01" 501 313 "-" "-"
195.138.167.98 - - [31/May/2011:08:39:52 +0000] "\x80F\x01\x03\x01" 501 313 "-" "-"
89.96.190.244 - - [31/May/2011:08:50:51 +0000] "\x80F\x01\x03\x01" 501 313 "-" "-"
195.138.167.98 - - [31/May/2011:09:20:20 +0000] "\x80F\x01\x03\x01" 501 313 "-" "-"
217.117.64.236 - - [31/May/2011:10:04:43 +0000] "\x80F\x01\x03\x01" 501 313 "-" "-"
62.141.88.70 - - [31/May/2011:11:40:13 +0000] "\x80F\x01\x03\x01" 501 313 "-" "-"
178.187.163.117 - - [31/May/2011:12:03:36 +0000] "\x80F\x01\x03\x01" 501 313 "-" "-"
118.172.80.131 - - [31/May/2011:12:11:57 +0000] "\x80F\x01\x03\x01" 501 313 "-" "-"
196.44.185.151 - - [31/May/2011:12:25:23 +0000] "\x80F\x01\x03\x01" 501 313 "-" "-"
62.141.88.90 - - [31/May/2011:12:31:15 +0000] "\x80F\x01\x03\x01" 501 313 "-" "-"
213.0.79.214 - - [31/May/2011:13:22:46 +0000] "\x80F\x01\x03\x01" 501 313 "-" "-"
127.0.0.1 - - [31/May/2011:13:58:44 +0000] "GET /manual/ HTTP/1.1" 200 7709 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:2.0b13pre) Gecko/20110415 Firefox/4.0b13pre"
127.0.0.1 - - [31/May/2011:13:58:54 +0000] "GET /manual/logs.html HTTP/1.1" 200 33676 "http://127.0.0.1/manual/"; "Mozilla/5.0 (X11; Linux x86_64; rv:2.0b13pre) Gecko/20110415 Firefox/4.0b13pre"

Can anyone please explain the meaning of these /var/log/httpd/access_log entries ?

I guess this is just opportunist hosts trying to connect to port 80 / port 443 with a garbage protocol ?
If so, why are log entries made in the access log and not in the error log ?

Or is this some server misconfiguration ? 
Or perhaps some ADSL router issue ? 

Isn't there a log format that will print the server's socket address IP:PORT and / or VirtualHost name in the access log ? 
Can't seem to find it. 

Any suggestions much appreciated, 
Regards,
Jason


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux