Posted to users@httpd.apache.org by Felix Rubio Dalmau <fe...@gmail.com> on 2013/02/14 08:52:59 UTC

[users@httpd] SSL access without the certificates?

Hi all,

I have set up an Apache server to be used privately by my family, and I
have secured it by using SSL certificates (high grade ciphers, the client
certificate is required), mod-evasive is enabled, etc. The question is: with this
setup, how is it possible that I get these entries in the log files?

[IP ADD] - - [07/Feb/2013:03:28:21 +0100] "GET /" 400 458 "-" "-"
[IP ADD] - - [09/Feb/2013:13:46:29 +0100] "-" 408 2919 "-" "-"
[IP ADD] - - [11/Feb/2013:17:07:21 +0100] "-" 408 3684 "-" "-"

I do not understand why the request in entries 2 and 3 has not been logged by
Apache, but it is even worse that a client without the certificate has been
able to do a "GET /". If that IP did not have the certificate this request should 
have been just ignored, right?

Does anyone know what can be happening here?

Regards!

-- 
Felix Rubio Dalmau