You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jeffrey Walton <no...@gmail.com> on 2020/04/26 01:42:49 UTC
[users@httpd] What is a request for dash ("-")?
Hi Everyone,
My apologies for this lame question. I'm having trouble searching for it.
What is this request I see in the logs:
186.222.62.229 - - [25/Apr/2020:21:35:18 -0400] "-" 408 -
186.222.62.229 - - [25/Apr/2020:21:35:18 -0400] "-" 408 -
The reason I ask is, we have a MediaWiki attached to Apache. It gets
quite a bit of spam attempts. If it is not a legitimate request, then
I'd like to ban the host. I suspect it is some kind of probe, but I'd
like to know for sure before I take action.
Thanks in advance.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] What is a request for dash ("-")?
Posted by Jeffrey Walton <no...@gmail.com>.
On Sun, Apr 26, 2020 at 7:26 AM Yann Ylavic <yl...@gmail.com> wrote:
>
> On Sun, Apr 26, 2020 at 3:43 AM Jeffrey Walton <no...@gmail.com> wrote:
> >
> > What is this request I see in the logs:
> >
> > 186.222.62.229 - - [25/Apr/2020:21:35:18 -0400] "-" 408 -
> > 186.222.62.229 - - [25/Apr/2020:21:35:18 -0400] "-" 408 -
>
> If you are using the default LogFormat (i.e. "common"), the "-" here
> is the request line ("%r" format).
> A dash means not available (n/a), and 408 means timeout (request line
> not received within the configure Timeout).
>
> >
> > The reason I ask is, we have a MediaWiki attached to Apache. It gets
> > quite a bit of spam attempts. If it is not a legitimate request, then
> > I'd like to ban the host. I suspect it is some kind of probe, but I'd
> > like to know for sure before I take action.
>
> I don't think you should ban users for a timeout, while it can be
> malicious (a try to exhaust resources on your server), it's more
> likely a network issue (anywhere between the user and you server). In
> any case it's not spam, you'd need some kind on content analysis to
> detect spam, but here there is no content to look at.
> If there is a need to limit resources usage caused by timeouts or
> (maliciously-)slow clients, you should have a look at AcceptFilter
> ([1]) and/or mod_reqtimeout ([2]).
Thanks Yann.
It sounds like I should leave it alone. The miscreants will show their
head in other ways. I'll wait for another sign of their shenanigans.
Jeff
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] What is a request for dash ("-")?
Posted by Yann Ylavic <yl...@gmail.com>.
Hi,
On Sun, Apr 26, 2020 at 3:43 AM Jeffrey Walton <no...@gmail.com> wrote:
>
> What is this request I see in the logs:
>
> 186.222.62.229 - - [25/Apr/2020:21:35:18 -0400] "-" 408 -
> 186.222.62.229 - - [25/Apr/2020:21:35:18 -0400] "-" 408 -
If you are using the default LogFormat (i.e. "common"), the "-" here
is the request line ("%r" format).
A dash means not available (n/a), and 408 means timeout (request line
not received within the configure Timeout).
>
> The reason I ask is, we have a MediaWiki attached to Apache. It gets
> quite a bit of spam attempts. If it is not a legitimate request, then
> I'd like to ban the host. I suspect it is some kind of probe, but I'd
> like to know for sure before I take action.
I don't think you should ban users for a timeout, while it can be
malicious (a try to exhaust resources on your server), it's more
likely a network issue (anywhere between the user and you server). In
any case it's not spam, you'd need some kind on content analysis to
detect spam, but here there is no content to look at.
If there is a need to limit resources usage caused by timeouts or
(maliciously-)slow clients, you should have a look at AcceptFilter
([1]) and/or mod_reqtimeout ([2]).
Regards,
Yann.
[1] https://httpd.apache.org/docs/2.4/mod/core.html#acceptfilter
[2] https://httpd.apache.org/docs/2.4/en/mod/mod_reqtimeout.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org