Posted to users@httpd.apache.org by Thomas Bätzler <t....@bringe.com> on 2004/07/20 10:05:35 UTC

[users@httpd] Apache log shows authenticated user outside of realm?

Hi,

I really don't understand what's happening here; maybe somebody
could give me a hint: In the access log of one virtual host, we're
seeing accesses from one particular client showing up with a user-
name, even though he is not accessing a secured realm on the server.

FWIW, the client purports to be "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.0)".

What's going on here?

Puzzled,
Thomas




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Re: Apache log shows authenticated user outside of realm?

Posted by Robert Andersson <ro...@profundis.nu>.
Thomas Bätzler wrote:
> In the access log of one virtual host, we're seeing accesses from
> one particular client showing up with a user-name, even though he
> is not accessing a secured realm on the server.

First, this is not an Apache issue. The client sends a username, and
Apache logs it. The question is why the client sends the username.

> > Could you send us some log entries?
>
> ... - [01/Jul/2004:16:28:27 +0200] "GET / HTTP/1.1" 304 ...
> ... - [01/Jul/2004:16:28:28 +0200] "GET /css/global_blue.css HTTP/1.1" 304 ...
> ...
> ... e637569 [01/Jul/2004:16:28:37 +0200] "GET /rubriken.php?...HTTP/1.1" 200

It sure seems strange to me. You do have a "realm" in which that
username is valid, right?

Regards,
Robert Andersson




[users@httpd] Re: Apache log shows authenticated user outside of realm?

Posted by Thomas Bätzler <t....@bringe.com>.
"Eimantas Vaiciunas" <ei...@sc.vu.lt> asked:
> Could you send us some log entries?

212.157.192.116 - - [01/Jul/2004:16:28:27 +0200] "GET / HTTP/1.1" 304 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
212.157.192.116 - - [01/Jul/2004:16:28:28 +0200] "GET /css/global_blue.css HTTP/1.1" 304 - "http://www.kostenlose-kleinanzeigen.de/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
212.157.192.116 - - [01/Jul/2004:16:28:28 +0200] "GET /js/global.js HTTP/1.1" 304 - "http://www.kostenlose-kleinanzeigen.de/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
[get lots of images]
212.157.192.116 - e637569 [01/Jul/2004:16:28:37 +0200] "GET /rubriken.php?Sess_Kka=fe8645ca20c82448cc2ef254af881ad0&rid=19 HTTP/1.1" 200 3815 "http://www.kostenlose-kleinanzeigen.de/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

TIA,
Thomas
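
An added example, not part of any post in this thread: a small Python check that parses combined-format access-log lines like the ones above and lists requests whose user field is filled in although the path lies outside every protected prefix. `PROTECTED_PREFIXES` and the third sample line are assumptions constructed for the illustration; the first two sample lines are the thread's entries, each rejoined onto one line.

```python
import re

# Apache "combined" format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
COMBINED = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Assumption: URL prefixes that really sit inside an auth realm on this host.
PROTECTED_PREFIXES = ("/admin/",)


def unexpected_users(lines, protected=PROTECTED_PREFIXES):
    """Return (time, host, user, path) for every request that carries a
    user name although its path is not under any protected prefix."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if not m or m["user"] == "-":
            continue  # unparsable line, or no user name logged
        parts = m["request"].split()
        # Request line is "METHOD target PROTOCOL"; drop the query string.
        path = parts[1].split("?", 1)[0] if len(parts) >= 2 else ""
        if not path.startswith(tuple(protected)):
            hits.append((m["time"], m["host"], m["user"], path))
    return hits


UA = '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"'
SAMPLE = [
    # From the thread, rejoined onto one line each.
    '212.157.192.116 - - [01/Jul/2004:16:28:27 +0200] "GET / HTTP/1.1" 304 - "-" ' + UA,
    '212.157.192.116 - e637569 [01/Jul/2004:16:28:37 +0200] '
    '"GET /rubriken.php?Sess_Kka=fe8645ca20c82448cc2ef254af881ad0&rid=19 HTTP/1.1" '
    '200 3815 "http://www.kostenlose-kleinanzeigen.de/" ' + UA,
    # Constructed: a user name on a path that is inside the assumed realm.
    '192.0.2.10 - alice [01/Jul/2004:16:30:00 +0200] '
    '"GET /admin/index.html HTTP/1.1" 200 512 "-" "ExampleAgent/1.0"',
]

if __name__ == "__main__":
    for hit in unexpected_users(SAMPLE):
        print(*hit)
```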






Re: [users@httpd] Webalizer -- question

Posted by Eimantas Vaiciunas <ei...@sc.vu.lt>.
On Tuesday 20 July 2004 12:05, Richard correia wrote:
> What if I replace all 302 with 200 status code in access file ?
Bad idea. Unless you should write yourself a perl script with ugly regex :) 
and then feed access_log to webalizer.




Re: [users@httpd] Webalizer -- question

Posted by Robert Andersson <ro...@profundis.nu>.
Richard correia wrote:
> What if I replace all 302 with 200 status code in access file ?

Guh... Do you want to know how many are accessing the file through each URI?
As you only have two files, and only one of them causes a redirect, you need
to know how many requests have generated a 302 response. Most analyzers show
counts for the various return codes; I know at least awstats does this.

You could also simply do:
$ grep --count exposed.js access_log

If you remove the --count option and pipe it to a pager, you get to see the
relevant log lines.

It is only sane that requests for exposed.js don't result in a "hit".

Regards,
Robert Andersson




RE: [users@httpd] Webalizer -- question

Posted by Richard correia <ri...@ugamsolutions.com>.
What if I replace all 302 with 200 status code in access file ?

Richard

-----Original Message-----
From: Robert Andersson [mailto:robert@profundis.nu] 
Sent: Tuesday, July 20, 2004 3:00 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Webalizer -- question


Richard correia wrote:
>  User access exposed.jsp and they are redirected to popup.jsp with 302
> header.
>
>  Is that the reason webalizer is not treating exposed.jsp as a
> hit/page?

Most likely, yes. I have not used webalizer much, but I would expect a
log analyzer to behave like that.

Regards,
Robert Andersson





Re: [users@httpd] Webalizer -- question

Posted by Robert Andersson <ro...@profundis.nu>.
Richard correia wrote:
>  User access exposed.jsp and they are redirected to popup.jsp with 302
> header.
>
>  Is that the reason webalizer is not treating exposed.jsp as a hit/page?

Most likely, yes. I have not used webalizer much, but I would expect a log
analyzer to behave like that.

Regards,
Robert Andersson




[users@httpd] Webalizer -- question

Posted by Richard correia <ri...@ugamsolutions.com>.
Hi ..

 I have webalizer 2.01 installed on my linux server.

 I have only 2 files to be served from my server.

 1> popup.jsp
 2> exposed.jsp

 But when I check the webalizer output it shows only entries for
popup.jsp.

 The scene is ... 

 User access exposed.jsp and they are redirected to popup.jsp with 302
header.

 Is that the reason webalizer is not treating exposed.jsp as a hit/page?


 Please help.

 Thanks
 Richard 




Re: [users@httpd] Apache log shows authenticated user outside of realm?

Posted by Eimantas Vaiciunas <ei...@sc.vu.lt>.
On Tuesday 20 July 2004 10:05, Thomas Bätzler wrote:
> Hi,
>
> I really don't understand what's happening here; maybe somebody
> could give me a hint: In the access log of one virtual host, we're
> seeing accesses from one particular client showing up with a user-
> name, even though he is not accessing a secured realm on the server.
>
> FWIW, the client purports to be "Mozilla/4.0 (compatible; MSIE
> 6.0; Windows NT 5.0)".
>
> What's going on here?
>
> Puzzled,
> Thomas
Could you send us some log entries?

