You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Brian Behlendorf <br...@collab.net> on 2001/01/27 18:35:07 UTC
logging error
In the access logs from last night (I log "%v CLF"):
www.apache.org 163.30.90.182 - - [26/Jan/2001:20:10:51 -0800] "GET /_vti_inf.html HTTP/1.1
Date: Sat, 27 Jan 2001 04:04:44 GMT" 404 281 "-" "Mozilla/2.0 (compatible; MS FrontPage 4.0)"
(yes, there's a newline after the HTTP/1.1 there, that gets printed into
the log, making both those log entries bogus)
More examples:
www.apache.org 163.30.90.182 - - [26/Jan/2001:20:10:53 -0800] "OPTIONS / HTTP/1.1
Accept-Language: ja, en-us;q=0.2" 200 182 "-" "Microsoft Data Access Internet Publishing Provider DAV"
www.apache.org 163.30.90.182 - - [26/Jan/2001:20:12:14 -0800] "OPTIONS /images/apache_pb.gif HTTP/1.1
Accept-Language: ja, en-us;q=0.2" 200 182 "-" "Microsoft Data Access Internet Publishing Provider DAV"
www.apache.org 163.30.90.182 - - [26/Jan/2001:20:13:34 -0800] "GET /_vti_inf.html HTTP/1.1
Date: Sat, 27 Jan 2001 04:07:27 GMT" 404 281 "-" "Mozilla/2.0 (compatible; MS FrontPage 4.0)"
www.apache.org 163.30.94.16 - - [26/Jan/2001:22:39:09 -0800] "GET /_vti_inf.html HTTP/1.1
Date: Sat, 27 Jan 2001 06:32:57 GMT" 404 281 "-" "Mozilla/2.0 (compatible; MS FrontPage 4.0)"
Brian
Re: logging error
Posted by Jeff Trawick <tr...@bellsouth.net>.
Brian Behlendorf <br...@collab.net> writes:
> In the access logs from last night (I log "%v CLF"):
>
> www.apache.org 163.30.90.182 - - [26/Jan/2001:20:10:51 -0800] "GET /_vti_inf.html HTTP/1.1
> Date: Sat, 27 Jan 2001 04:04:44 GMT" 404 281 "-" "Mozilla/2.0 (compatible; MS FrontPage 4.0)"
>
> (yes, there's a newline after the HTTP/1.1 there, that gets printed into
> the log, making both those log entries bogus)
One theory is that the client is sending a password in the request
(these are web publishing tools, right?) and that something bad
happened in the hide-password leg of code:
static const char *log_request_line(request_rec *r, char *a)
{
/* NOTE: If the original request contained a password, we
* re-write the request line here to contain XXXXXX instead:
* (note the truncation before the protocol string for HTTP/0.9 requests)
* (note also that r->the_request contains the unmodified request)
*/
return (r->parsed_uri.password) ? apr_pstrcat(r->pool, r->method, " ",
ap_unparse_uri_components(r->pool, &r->parsed_uri, 0),
r->assbackwards ? NULL : " ", r->protocol, NULL)
: r->the_request;
}
Does anybody have FrontPage 4.0 or something which would call itself
"Microsoft Data Access Internet Publishing Provider DAV"?
Any other theories?
> More examples:
>
> www.apache.org 163.30.90.182 - - [26/Jan/2001:20:10:53 -0800] "OPTIONS / HTTP/1.1
> Accept-Language: ja, en-us;q=0.2" 200 182 "-" "Microsoft Data Access Internet Publishing Provider DAV"
>
> www.apache.org 163.30.90.182 - - [26/Jan/2001:20:12:14 -0800] "OPTIONS /images/apache_pb.gif HTTP/1.1
> Accept-Language: ja, en-us;q=0.2" 200 182 "-" "Microsoft Data Access Internet Publishing Provider DAV"
>
> www.apache.org 163.30.90.182 - - [26/Jan/2001:20:13:34 -0800] "GET /_vti_inf.html HTTP/1.1
> Date: Sat, 27 Jan 2001 04:07:27 GMT" 404 281 "-" "Mozilla/2.0 (compatible; MS FrontPage 4.0)"
>
> www.apache.org 163.30.94.16 - - [26/Jan/2001:22:39:09 -0800] "GET /_vti_inf.html HTTP/1.1
> Date: Sat, 27 Jan 2001 06:32:57 GMT" 404 281 "-" "Mozilla/2.0 (compatible; MS FrontPage 4.0)"
--
Jeff Trawick | trawickj@bellsouth.net | PGP public key at web site:
http://www.geocities.com/SiliconValley/Park/9289/
Born in Roswell... married an alien...