You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/08/16 01:07:12 UTC

DO NOT REPLY [Bug 11751] New: - Logging 200 on hits that shouldn't

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11751>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11751

Logging 200 on hits that shouldn't

           Summary: Logging 200 on hits that shouldn't
           Product: Apache httpd-1.3
           Version: 1.3.26
          Platform: Sun
        OS/Version: Other
            Status: NEW
          Severity: Major
          Priority: Other
         Component: Auth/Access
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: apache@ttsg.com


We seem to be getting log entries showing a result code of 200 that we do not
understand. The log entries look like :

195.130.88.40 - danny [14/Aug/2002:05:08:46 -0400] "GET /dmr/htpasswd HTTP/1.0" 
200 -
200.46.109.82 - danny [14/Aug/2002:05:13:44 -0400] "GET /dmr/htpasswd HTTP/1.0" 
200 -

153.96.67.2 - danny [14/Aug/2002:05:19:07 -0400] "GET /dmr/[no%20URL] HTTP/1.0" 
200 -
153.96.67.2 - danny [14/Aug/2002:05:19:08 -0400] "GET /dmr/[no%20URL] HTTP/1.0" 
200 -


209.26.225.2 - danny [14/Aug/2002:05:04:24 -0400] "HEAD /ccbill/members/dmr/.htp
asswd HTTP/1.0" 200 -


211.21.25.34 - skippy [14/Aug/2002:06:00:16 -0400] "HEAD /dmr/htpasswd HTTP/1.0"
 200 -
64.70.191.13 - 7135980 [14/Aug/2002:06:00:18 -0400] "HEAD /dmr/htpasswd HTTP/1.0
" 200 -
213.121.166.94 - danny [14/Aug/2002:05:04:24 -0400] "HEAD /ccbill/members/dmr/.h
tpasswd.ass HTTP/1.0" 200 -
200.211.71.3 - danny [14/Aug/2002:05:09:29 -0400] "GET /dmr/htpasswd HTTP/1.0" 2
00 -
216.120.184.82 - danny [14/Aug/2002:05:15:09 -0400] "GET /dmr/htpasswd HTTP/1.1"
 200 -
153.96.67.2 - danny [14/Aug/2002:05:18:55 -0400] "GET /dmr/htpasswd HTTP/1.0" 20
0 -
153.96.67.2 - danny [14/Aug/2002:05:18:56 -0400] "GET /dmr/htpasswd HTTP/1.0" 20
0 -
153.96.67.2 - danny [14/Aug/2002:05:18:56 -0400] "GET /dmr/htpasswd HTTP/1.0" 20
0 -

153.96.67.2 - danny [14/Aug/2002:05:19:09 -0400] "GET /dmr/[no%20URL] HTTP/1.0" 
200 -
153.96.67.2 - danny [14/Aug/2002:05:19:09 -0400] "GET /dmr/[no%20URL] HTTP/1.0" 
200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:39:58 -0400] "GET /dmr/add-passwd.cgi
HTTP/1.0" 200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:39:58 -0400] "GET /dmr/.passwrd
HTTP/1.0" 200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:39:58 -0400] "GET /dmr/expire.mydu
HTTP/1.0" 200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:39:59 -0400] "GET /dmr/add-passwd.cgi
HTTP/1.0" 200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:39:59 -0400] "GET /dmr/signups.LHAM
HTTP/1.0" 200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:39:59 -0400] "GET /dmr/secure HTTP/1.0"
200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:39:59 -0400] "GET /dmr/ccbill-local.cgi
HTTP/1.0" 200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:39:59 -0400] "GET /dmr/add-passwd.cgi
HTTP/1.0" 200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:39:59 -0400] "GET /dmr/.dbusers.db
HTTP/1.0" 200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:41:30 -0400] "GET /dmr HTTP/1.0" 200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:41:30 -0400] "GET /dmr HTTP/1.0" 200 -
663.90.161.200 - lunarguy [15/Aug/2002:17:39:58 -0400] "GET /dmr/signups.LHAM
HTT
P/1.0" 200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:39:58 -0400] "GET /dmr/ccbill-local.cgi
 HTTP/1.0" 200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:39:58 -0400] "GET /dmr/.passwrd HTTP/1.
0" 200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:39:58 -0400] "GET /dmr/secure HTTP/1.0"
 200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:39:58 -0400] "GET /dmr/ccbill-local.cgi
 HTTP/1.0" 200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:39:58 -0400] "GET /dmr/signups.LHAM HTT
P/1.0" 200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:39:58 -0400] "GET /dmr/expire.mydu HTTP
/1.0" 200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:39:58 -0400] "GET /dmr/.dbusers.db HTTP
/1.0" 200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:39:58 -0400] "GET /dmr/signups.LHAM HTT
P/1.0" 200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:39:58 -0400] "GET /dmr/secure HTTP/1.0"
 200 -
63.90.161.200 - lunarguy [15/Aug/2002:17:41:30 -0400] "GET /dmr HTTP/1.0" 200 -


Now, this wouldn't be so bad, EXCEPT.....

1) There is an .htaccess file in the /dmr directory that is :
AuthType Basic
AuthName "Members Area"
AuthUserFile /dev/null
AuthGroupFile /dev/null
<Limit GET POST>
require valid-user
</Limit>

2) Given that, how did it log a userid?

3) The files referenced also do not exist.

4) The file size for them all is "-", which means "unknown", no?

Given all this, how did these entries get logged?

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org