|
FreeBSD Ports and Packages Installation and upgrading of ports and packages on FreeBSD. |
|
Thread Tools | Display Modes |
|
|
|||
Apached checking its own status?
My webserver at home, running 6.2-release with Apache 2.2, has been running now for some 298 days uninterrupted. However in the past couple days I have seen a lot of
Code:
- [02/Aug/2010:10:55:42 -0400] "GET / HTTP/1.1" 200 710 "-" "-" I'm not sure how to interpret these lines. There is no system information in the line to help me deduce what kind of system is doing this (there are multiple systems on my home network) - is it the local system (if so why is it originating from the IP address and not the local address)? |
|
|||
From the official Apache docs, this is the explanation of the first field in the access log entry:
"This is the IP address of the client (remote host) which made the request to the server. If HostnameLookups is set to On, then the server will try to determine the hostname and log it in place of the IP address. However, this configuration is not recommended since it can significantly slow the server. Instead, it is best to use a log post-processor such as logresolve to determine the hostnames. The IP address reported here is not necessarily the address of the machine at which the user is sitting. If a proxy server exists between the user and the server, this address will be the address of the proxy, rather than the originating machine." |
|
|||
Thank you for the suggestion, however it is not the case with my webserver. I can say this because I have hostnamelookup turned off (as it was by default), and also because these lines are appearing every 5 minutes regardless of whether or not there is traffic to my webserver.
Also this is something that has started only in the past 2 days, while the webserver itself has been running for over 289 days continuously at this point. It might be worthwhile to point out at this point that this is just a "hobby" webserver that I run at home. It mostly has family pictures and that type of stuff, and has very little traffic - so little that our ISP hasn't bothered to try to sell us more bandwidth yet. Last edited by Mantazz; 3rd August 2010 at 12:55 AM. Reason: adding information |
|
|||
Apached checking its own status? No. Would you believe NoScript?
This is caused by a client browser running the new version of NoScript 2.0 which came out last week:
http: forums.informaction.com/viewtopic.php?f=7&t=4743 To fix it go to each browser and change the NoScript option: "you're likely among the few people who may want to disable this feature, since you've got a web server meant to be public on that IP. Just uncheck NoScript Options|Advanced|ABE|WAN IP ∈ LOCAL." This new anti-dns-rebinding version of NoScript 2.0 was prompted by the recent Black Hat meeting where dns-rebinding was featured. Craig Heffner "How to Hack Millions of Routers" http: blackhat.com/html/bh-us-10/bh-us-10-briefings.html#Heffner The broken urls are because: You are only allowed to post URLs once you have at least 5 posts. -------------------------------------------------------------------------------------------------- OpenBSD Only two remote holes in the default install, in a heck of a long time! Last edited by comet--berkeley; 3rd August 2010 at 04:13 AM. Reason: signature |
|
|||
Good call, that seems to have done it. Indeed I had just upgraded the noscript plugin on my notebook on the same network but I didn't really suspect previously that to be the culprit. I turned off that setting and the self-requests went away.
Out of curiosity, how did you find that? The line from httpd-access.log was virtually impossible to use as a meaningful google query (or at least I couldn't craft it into one). Thanks! |
|
|||
I was at wits end with similar page requests appearing on my home web server.
But after running tcpdump I saw the page request every 5 minutes coming from my own machine. And after turning off all the Firefox plugins the page requests stopped. Going to Google I searched on this: NoScript "5 minutes" and found this http://forums.informaction.com/viewtopic.php?f=7&t=4743 -------------------------------------------------------------------------------------------------------- Now that I described how I found it, let me talk about DNS rebinding which the NoScript is trying to stop. Besides putting NoScript on every client browser in your house it is good to beef up the DNS server on the router. If the router uses dnsmasq as the DNS then add the "stop-dns-rebind" option to it. And configure the web server to reject invalid Host headers. One straightforward way to do this is to turn on "Virtual Hosting". Here is the wikipedia article about DNS rebinding: http://en.wikipedia.org/wiki/DNS_rebinding
__________________
When you see a good move, look for a better one. --Lasker |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
checking upgrade worked? | carpman | FreeBSD Installation and Upgrading | 2 | 6th February 2009 11:37 PM |
What is the status of KDE4? | wubrgamer | General software and network | 10 | 24th September 2008 03:58 AM |
Status of Xen on OpenBSD | Oko | OpenBSD General | 2 | 19th June 2008 09:02 PM |
checking if UIC has KDE plugins available... | ccc | FreeBSD Ports and Packages | 14 | 14th June 2008 09:36 PM |
WARNING: Vulnerability database out of date, checking anyway | mfaridi | FreeBSD Security | 9 | 8th May 2008 06:13 AM |