Posted to users@httpd.apache.org by John Iliffe <jo...@iliffe.ca> on 2013/05/25 02:48:10 UTC

[users@httpd] Is this an Apache config problem?

Every day I get a number of lines like the following in the Apache access 
log.  Note that the response code is 200, successful.  The requested URL is 
NOT on my web site.

Does this imply that I have actually created an open proxy or relay?  I 
would expect some form of error response such as 404.

176.8.88.90 - - [23/May/2013:18:46:46 -0400] "GET / HTTP/1.1" 200 5406 
"http://www.world-mmo.com/" 29135 289 
176.8.88.90 - - [23/May/2013:18:46:47 -0400] "GET / HTTP/1.1" 200 5406 
"http://www.world-mmo.com/" 29136 217 

Regards,

John

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Is this an Apache config problem?

Posted by John Iliffe <jo...@iliffe.ca>.
On Saturday 25 May 2013 04:19:41 Walter H. wrote:
> On 25.05.2013 02:48, John Iliffe wrote:
> > Every day I get a number of lines like the following in the Apache
> > access log.  Note that the response code is 200, successful.  The
> > requested URL is NOT on my web site.
> 
> can you imagine that you connect within your site to this host?
> 
> > Does this imply that I have actually created an open proxy or relay? 
> > I would expect some form of error response such as 404.
> 
> then the 200 response sounds logical;
> 
> > 176.8.88.90 - - [23/May/2013:18:46:46 -0400] "GET / HTTP/1.1" 200 5406
> > "http://www.world-mmo.com/" 29135 289
> > 176.8.88.90 - - [23/May/2013:18:46:47 -0400] "GET / HTTP/1.1" 200 5406
> > "http://www.world-mmo.com/" 29136 217
> 
> http://www.world-mmo.com is a valid website;

No, I am sure that there would be no legitimate attempt to connect to this 
URL or any of the others like it that turn up periodically.  That's what is 
worrying me - I don't want to have an open proxy server!

Regards,

John




Re: [users@httpd] Is this an Apache config problem?

Posted by "Walter H." <Wa...@mathemainzel.info>.
On 25.05.2013 02:48, John Iliffe wrote:
> Every day I get a number of lines like the following in the Apache access
> log.  Note that the response code is 200, successful.  The requested URL is
> NOT on my web site.

can you imagine that you connect within your site to this host?

> Does this imply that I have actually created an open proxy or relay?  I
> would expect some form of error response such as 404.

then the 200 response sounds logical;

> 176.8.88.90 - - [23/May/2013:18:46:46 -0400] "GET / HTTP/1.1" 200 5406
> "http://www.world-mmo.com/" 29135 289
> 176.8.88.90 - - [23/May/2013:18:46:47 -0400] "GET / HTTP/1.1" 200 5406
> "http://www.world-mmo.com/" 29136 217

http://www.world-mmo.com is a valid website;



[users@httpd] SELinux great obstacle to getting further

Posted by georg <ge...@telia.com>.
Hi, I've been struggling to get my Apache - PHP - ODBC - MimerSql
going, now I'm almost there....

However some guy calling himself SELinux won't let me......

as follows:
--------------------------------------------------------------------------------------------------------------------------
SELinux is preventing httpd from write access on the sock_file 
/usr/local/MimerSQL/mimtst/.fifo.
***** Plugin catchall_labels (83.8 confidence) suggests ********************
If you want to allow httpd to have write access on the .fifo sock_file
Then you need to change the label on /usr/local/MimerSQL/mimtst/.fifo
Do
# semanage fcontext -a -t FILE_TYPE '/usr/local/MimerSQL/mimtst/.fifo'
where FILE_TYPE is one of the following: dirsrv_var_run_t, mysqld_var_run_t, 
httpd_var_run_t, lsassd_var_socket_t, systemd_passwd_var_run_t, 
setrans_var_run_t, memcached_var_run_t, system_dbusd_var_run_t, 
postgresql_var_run_t, zarafa_server_var_run_t, mysqld_db_t, devlog_t, 
avahi_var_run_t, nscd_var_run_t, nslcd_var_run_t, sssd_var_lib_t, 
postgresql_tmp_t, httpd_tmp_t, abrt_var_run_t, nscd_var_run_t, 
winbind_var_run_t, httpd_tmpfs_t, pcscd_var_run_t, httpd_cvs_rw_content_t, 
httpd_git_rw_content_t, httpd_sys_rw_content_t, httpd_nagios_rw_content_t, 
httpd_apcupsd_cgi_rw_content_t, httpd_nutups_cgi_rw_content_t, 
httpd_dspam_rw_content_t, httpd_prewikka_rw_content_t, 
httpd_mediawiki_rw_content_t, httpd_squid_rw_content_t, passenger_var_run_t, 
httpd_smokeping_cgi_rw_content_t, httpd_w3c_validator_rw_content_t, 
httpd_dirsrvadmin_rw_content_t, httpd_collectd_rw_content_t, nscd_var_run_t, 
pcscd_var_run_t, httpd_zoneminder_rw_content_t, httpd_user_rw_content_t, 
httpd_awstats_rw_content_t, httpd_cobbler_rw_content_t, 
httpd_munin_rw_content_t, httpd_mojomojo_rw_content_t, init_var_run_t, 
httpd_bugzilla_rw_content_t.
Then execute:
restorecon -v '/usr/local/MimerSQL/mimtst/.fifo'
***** Plugin catchall (17.1 confidence) suggests ***************************
If you believe that httpd should be allowed write access on the .fifo 
sock_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context system_u:object_r:usr_t:s0
Target Objects /usr/local/MimerSQL/mimtst/.fifo [ sock_file ]
Source httpd
Source Path httpd
Port <Unknown>
Host this.is
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.10.0-121.fc17.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name this.is
Platform Linux this.is 3.3.4-5.fc17.i686 #1 SMP Mon May 7
17:45:26 UTC 2012 i686 i686
Alert Count 10
First Seen Sun 19 May 2013 06:03:22 PM CEST
Last Seen Sun 26 May 2013 03:10:29 PM CEST
Local ID 0629a113-deb5-4413-8f5f-86c1a61080ec
Raw Audit Messages
type=AVC msg=audit(1369573829.588:110): avc: denied { write } for pid=2162 
comm="httpd" name=".fifo" dev="dm-1" ino=262454 
scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 
tclass=sock_file

Hash: httpd,httpd_t,usr_t,sock_file,write

audit2allow
unable to open /sys/fs/selinux/policy: Permission denied

audit2allow -R
unable to open /sys/fs/selinux/policy: Permission denied

--------------------------------------------------------
I have tried
setenforce 0
--- and I think at one brief session (or even two) I have had it working,
but it seems that was caused by some side effect I'm not able to
reproduce.....

pls help if you have a clue
br Georg 




Re: [users@httpd] Is this an Apache config problem?

Posted by Robert Schoultz <ro...@gmail.com>.
Indeed a referer! I don't really think they have linked to your website, I
think they use a bot to spam web server logs with their website for
whatever reason, probably in hope to get more numbers. I have seen that
referer in other logs as well and I don't think that is a coincidence :).

On Sunday, 26 May 2013, John Iliffe wrote:

> On Saturday 25 May 2013 05:25:22 Nick Kew wrote:
> > On 25 May 2013, at 01:48, John Iliffe wrote:
> > > 176.8.88.90 - - [23/May/2013:18:46:46 -0400] "GET / HTTP/1.1" 200 5406
> > > "http://www.world-mmo.com/" 29135 289
> >
> > That's GET / .
> >
> > The other URL looks to me like a referer.  Someone following a link to
> > you.
> =============================
> Thanks Nick.
>
> I didn't pick it up as a referrer.  Don't know why this site would have a
> link to us - it is a Russian language gaming site by the looks of their
> home page (but I can't read it) and we sell Amateur Radio Books to Canadian
> Amateurs.
>
> Not an obvious match!
>
> Regards,
>
> John
>

Re: [users@httpd] Is this an Apache config problem?

Posted by John Iliffe <jo...@iliffe.ca>.
On Saturday 25 May 2013 05:25:22 Nick Kew wrote:
> On 25 May 2013, at 01:48, John Iliffe wrote:
> > 176.8.88.90 - - [23/May/2013:18:46:46 -0400] "GET / HTTP/1.1" 200 5406
> > "http://www.world-mmo.com/" 29135 289
> 
> That's GET / .
> 
> The other URL looks to me like a referer.  Someone following a link to
> you.
=============================
Thanks Nick.  

I didn't pick it up as a referrer.  Don't know why this site would have a 
link to us - it is a Russian language gaming site by the looks of their 
home page (but I can't read it) and we sell Amateur Radio Books to Canadian 
Amateurs.  

Not an obvious match!

Regards,

John



Re: [users@httpd] Is this an Apache config problem?

Posted by Nick Kew <ni...@webthing.com>.
On 25 May 2013, at 01:48, John Iliffe wrote:

> 176.8.88.90 - - [23/May/2013:18:46:46 -0400] "GET / HTTP/1.1" 200 5406 
> "http://www.world-mmo.com/" 29135 289 

That's GET / .

The other URL looks to me like a referer.  Someone following a link to you.

-- 
Nick Kew
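
The distinction drawn in this thread, as an added example that is not part of the original messages: the request line and the Referer are separate log fields, and only an absolute URI or CONNECT in the request line is a proxy-style request. The local hostname `www.example.com` and the last three sample lines are constructed assumptions; the first sample line is the one quoted in the thread.

```python
import re
from urllib.parse import urlsplit

# Field order as in the log lines quoted in this thread. The two trailing
# numbers are site-specific and are captured but not interpreted.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>[^\s"]+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)"(?P<extra>.*)$'
)

def _host(url):
    """Lower-cased hostname of a URL, or '' if there is none."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""

def classify(line, local_hosts):
    """Return (verdict, detail) for one access-log line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return ("unparsed", "")
    method, target = m["method"].upper(), m["target"]
    # A 2xx on a proxy-style request is a lead, not proof of relaying: a
    # server may answer an absolute-URI request with its own default site,
    # so compare the response size with the size of the local page.
    verdict = "proxy-style-2xx" if m["status"].startswith("2") else "proxy-style-refused"
    if method == "CONNECT":
        return (verdict, target)
    if "://" in target and _host(target) not in local_hosts:
        return (verdict, _host(target))
    ref = _host(m["referer"])
    if ref and ref not in local_hosts:
        return ("foreign-referer", ref)  # what the thread's lines turn out to be
    return ("normal", "")

LOCAL = {"www.example.com"}  # assumed name of the local site
SAMPLE = [
    '176.8.88.90 - - [23/May/2013:18:46:46 -0400] "GET / HTTP/1.1" 200 5406 "http://www.world-mmo.com/" 29135 289',
    '192.0.2.10 - - [23/May/2013:18:50:00 -0400] "GET http://example.org/ HTTP/1.1" 200 5406 "-" 100 200',
    '192.0.2.10 - - [23/May/2013:18:50:01 -0400] "CONNECT example.org:443 HTTP/1.1" 405 312 "-" 100 200',
    '192.0.2.11 - - [23/May/2013:18:51:00 -0400] "GET /books.html HTTP/1.1" 200 1234 "http://www.example.com/" 100 200',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry, LOCAL), entry[:60])
```
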
