You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Marten Lehmann <le...@cnm.de> on 2007/10/15 20:00:51 UTC
Strange access log entry repeating
Hello,
I already posted this into apache-users, but it probably is too much
httpd-internal, I haven't received an answer yet.
I have an ssl host for the domain test.com, configured with these lines
in httpd.conf:
Listen 1.2.3.4:80
NameVirtualHost 1.2.3.4:80
<VirtualHost 1.2.3.4:80>
ServerName test.com
</VirtualHost>
Listen 1.2.3.4:443
<VirtualHost 1.2.3.4:443>
ServerName test.com
SSLEngine On
SSLCertificateKeyFile /etc/httpd/certs/test.com.key
SSLCertificateFile /etc/httpd/certs/test.com.crt
</VirtualHost>
Everything worked fine before I enabled ssl. After that, these lines
occure every now and then, but always about once per second:
test.com 1.2.3.4 - - [11/Oct/2007:19:11:25 +0200] "GET /" 400 478 "-" "-"
It definetely started in the moment I stopped and restarted apache after
I made the URL configuration. It is a multi homed environment and these
entries appear for no other host (there is no other ssl host on this
server). Any ideas?
I have checked everything, there is nothing externally calling this URL.
It seems that apache is calling the URL on its own (maybe it is trying
to resolv something?). I'm not that much into the apache details to have
a clue.
I'm using httpd-2.2.4. If you don't have an idea, I can maybe track it
down a bit further. But so far this simpelst thing I can explain is:
With a pretty standard httpd.conf there is no long entry unless someone
actually calls a URL. But once I include the configuration lines above
and restart apache, strange log lines appear. Note: There is always an
error 400. And the URL called is always "GET /", not even "GET /
HTTP/1.0" or so.
Kind regards
Marten
Re: Strange access log entry repeating
Posted by Jim Jagielski <ji...@jaguNET.com>.
Later versions of 2.2 (starting with 2.2.7) will have Apache
send 'OPTIONS *' instead of the 'GET /' which will make
it easier for you to exclude those.
On Oct 17, 2007, at 7:08 AM, Marten Lehmann wrote:
> Hello,
>
>> See:
>> http://wiki.apache.org/httpd/InternalDummyConnection
>> When the default vhost is SSL, you get the 400 because apache doesn't
>> bother doing ssl negotiation -- it just sends an ordinary http
>> request. But this doesn't matter since the request only needs to wake
>> up the process, nothing else.
>
> well, but it clutters up the logfiles so web statistic software
> gives wrong data about web access, because it counts the internal
> calls as well.
>
> The Wiki page says, that all calls originate from the lookback
> device, but thats not true. In my logfiles, all calls are
> originated by the ip address of the ssl host(s), so I don't know
> how to effectively exclude these calls.
>
> We have a central, small httpd.conf which includes config files for
> each virtual host. While the CustomLog settings are defined in the
> httpd.conf, the individual listen and virtual host configurationis
> done in the single files. That way, we can easily add and remove
> files and simply restart apache without having to touch httpd.conf.
>
> Are there variable which contains the complete request ("GET /")
> and the status code ("400")? This would be the only what to detect
> such internal requests independend of servernames and ip addresses.
> What could a SetenvIf directive look like that would set a "skip"
> variable which I could use at the CustomLog setting?
>
> Regards
> Marten
>
Re: Strange access log entry repeating
Posted by Marten Lehmann <le...@cnm.de>.
Hello,
> See:
> http://wiki.apache.org/httpd/InternalDummyConnection
>
> When the default vhost is SSL, you get the 400 because apache doesn't
> bother doing ssl negotiation -- it just sends an ordinary http
> request. But this doesn't matter since the request only needs to wake
> up the process, nothing else.
well, but it clutters up the logfiles so web statistic software gives
wrong data about web access, because it counts the internal calls as well.
The Wiki page says, that all calls originate from the lookback device,
but thats not true. In my logfiles, all calls are originated by the ip
address of the ssl host(s), so I don't know how to effectively exclude
these calls.
We have a central, small httpd.conf which includes config files for each
virtual host. While the CustomLog settings are defined in the
httpd.conf, the individual listen and virtual host configurationis done
in the single files. That way, we can easily add and remove files and
simply restart apache without having to touch httpd.conf.
Are there variable which contains the complete request ("GET /") and the
status code ("400")? This would be the only what to detect such internal
requests independend of servernames and ip addresses. What could a
SetenvIf directive look like that would set a "skip" variable which I
could use at the CustomLog setting?
Regards
Marten
Re: Strange access log entry repeating
Posted by Joshua Slive <jo...@slive.ca>.
On 10/15/07, Marten Lehmann <le...@cnm.de> wrote:
> I'm using httpd-2.2.4. If you don't have an idea, I can maybe track it
> down a bit further. But so far this simpelst thing I can explain is:
> With a pretty standard httpd.conf there is no long entry unless someone
> actually calls a URL. But once I include the configuration lines above
> and restart apache, strange log lines appear. Note: There is always an
> error 400. And the URL called is always "GET /", not even "GET /
> HTTP/1.0" or so.
See:
http://wiki.apache.org/httpd/InternalDummyConnection
When the default vhost is SSL, you get the 400 because apache doesn't
bother doing ssl negotiation -- it just sends an ordinary http
request. But this doesn't matter since the request only needs to wake
up the process, nothing else.
Joshua.