You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Ben Timby <bt...@gmail.com> on 2011/05/31 16:37:17 UTC

Re: [users@httpd] strange encoded requests coming in to my server - like ' "\x80F\x01\x03\x01" ' ??

On Tue, May 31, 2011 at 10:08 AM, Jason Vas Dias
<ja...@gmail.com> wrote:
> I guess this is just opportunist hosts trying to connect to port 80 / port 443 with a garbage protocol ?
> If so, why are log entries made in the access log and not in the error log ?

Jason, this looks like a host connecting to port 443 on your box using
SSL while your host is not configured to use SSL on that port. In
other words, the data being sent by the client is enciphered, and your
host is treating it as plain text.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] strange encoded requests coming in to my server - like ' "\x80F\x01\x03\x01" ' ??

Posted by Jason Vas Dias <ja...@gmail.com>.

On Tuesday 31 May 2011 15:37:17 Ben Timby wrote:
> On Tue, May 31, 2011 at 10:08 AM, Jason Vas Dias
> <ja...@gmail.com> wrote:
> > I guess this is just opportunist hosts trying to connect to port 80 / port 443 with a garbage protocol ?
> > If so, why are log entries made in the access log and not in the error log ?
> 
> Jason, this looks like a host connecting to port 443 on your box using
> SSL while your host is not configured to use SSL on that port. In
> other words, the data being sent by the client is enciphered, and your
> host is treating it as plain text.
> 

Thanks Ben - but I don't see how that can be the case :

$ netstat -nautp | grep http
tcp        0      0 :::80                       :::*                        LISTEN      3271/httpd
tcp        0      0 :::443                      :::*                        LISTEN      3271/httpd


But I use a self-signed certificate which most browsers think is invalid until they add an exception .
There is nothing security sensitive on my home website .

And I can 'openssl s_client connect $MY_HOST:443 -CAfile $my_server_cert'  from an external internet host .

I just don't think that "non-requests" should appear at all in the access log, since they involve no accesses .

All the best,
Jason

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org