|
Home > Archive > Apache Server configuration support > March 2005 > Requests for non-local pages
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Requests for non-local pages
|
|
| Jan Klaverstijn 2005-03-04, 5:59 pm |
| Hi all,
I am running the following Apache:
Apache-AdvancedExtranetServer/2.0.48 (Mandrake Linux/5mdk)
mod_perl/1.99_11Perl/v5.8.3 mod_ssl/2.0.48 OpenSSL/0.9.7c DAV/2
SVN/1.0.1-dev PHP/4.3.4 Server at www.klaverstijn.nl Port 80
If I look at my access log, I see predominantly requests for pages that are
not even served by me. I am quite puzzled by this. Some samples are:
"GET http://www.joshuastarling.com/index.php?p=162 HTTP/1.0"
"GET
http://www.epilot.com/searchresults...heme=bluedesign
HTTP/1.0"
"GET http://z1.adserver.com/w/cp. x;rid=...23;;nc
=1
HTTP/1.0"
The originating ip addresses differ greatly and are never internal
(192.168.*). The requests receive a 404 response, but I hate the clutter of
my logs and the overhead this causes to my server. Obviously, all seem to be
about the usual adware. Can someone tell me what's happening and how to stop
this or at least minimize the impact?
Thanks in advance.
Jan.
| |
|
| "Jan Klaverstijn" <jan@klaverstijn.nl> schreef in bericht
news:422888f0$0$90482$dbd45001@news.euronet.nl...
> I am running the following Apache:
> If I look at my access log, I see predominantly requests for pages that
are
> not even served by me. I am quite puzzled by this. Some samples are:
> "GET http://www.joshuastarling.com/index.php?p=162 HTTP/1.0"
> "GET
>
http://www.epilot.com/searchresults...heme=bluedesign
> HTTP/1.0"
> "GET
http://z1.adserver.com/w/cp. x;rid=...23;;nc
=1
> HTTP/1.0"
>
> The originating ip addresses differ greatly and are never internal
> (192.168.*). The requests receive a 404 response,
> but I hate the clutter of my logs
Try conditional logging http://httpd.apache.org/docs-2.0/logs.html#accesslog
-if you want to clean the error_log too, try
http://httpd.apache.org/docs-2.0/logs.html#piped-
>and the overhead this causes to my server.
Setting and testing the logging condition may increase the overhead...
> Obviously, all seem to be about the usual adware.
> Can someone tell me what's happening
Some think your system is a proxy ...
> and how to stop this or
You have no control over their thoughts -nor their PCs-.
> at least minimize the impact?
AFAIK responsing 404 is the minimum impact.
If there is a firewall upfront, it might be able to block this kind of
requests.
HansH
| |
|
|
|
| Jan Klaverstijn wrote:
> Hi all,
>
> I am running the following Apache:
>
> Apache-AdvancedExtranetServer/2.0.48 (Mandrake Linux/5mdk)
> mod_perl/1.99_11Perl/v5.8.3 mod_ssl/2.0.48 OpenSSL/0.9.7c DAV/2
> SVN/1.0.1-dev PHP/4.3.4 Server at www.klaverstijn.nl Port 80
>
> If I look at my access log, I see predominantly requests for pages that
> are not even served by me. I am quite puzzled by this. Some samples are:
>
> "GET http://www.joshuastarling.com/index.php?p=162 HTTP/1.0"
> "GET
> HTTP/1.0"
> "GET
> http://z1.adserver.com/w/cp. x;rid=...23;;nc
=1
> HTTP/1.0"
>
> The originating ip addresses differ greatly and are never internal
> (192.168.*). The requests receive a 404 response, but I hate the clutter
> of my logs and the overhead this causes to my server. Obviously, all seem
> to be about the usual adware. Can someone tell me what's happening and how
> to stop this or at least minimize the impact?
>
> Thanks in advance.
>
> Jan.
If you use Linux then set up iptables (very easy to do) to just DROP
connections from those networks. If it were me I'd drop this whole shebang:
epilot:
Internap Network Services PNAP-05-2000 (NET-64-94-0-0-1)
64.94.0.0 - 64.95.255.255
64.94.0.0/15
Interchange Corporation INAP-LAX-ELIB-0777 (NET-64-94-109-0-1)
64.94.109.0 - 64.94.109.127
64.94.109.0/25
adserver.com:
Level 3 Communications, Inc. at 205.180.0.0/14
joshuastarling.com:
this is a yahoo account - complain to yahoo or drop all yahoo addresses
if you have no need of them. The internet shrinks for those who abuse it.
Eric
| |
|
| Jan Klaverstijn wrote:
> Hi all,
>
> I am running the following Apache:
>
> Apache-AdvancedExtranetServer/2.0.48 (Mandrake Linux/5mdk)
> mod_perl/1.99_11Perl/v5.8.3 mod_ssl/2.0.48 OpenSSL/0.9.7c DAV/2
> SVN/1.0.1-dev PHP/4.3.4 Server at www.klaverstijn.nl Port 80
>
> If I look at my access log, I see predominantly requests for pages that
> are not even served by me. I am quite puzzled by this. Some samples are:
>
> "GET http://www.joshuastarling.com/index.php?p=162 HTTP/1.0"
> "GET
> HTTP/1.0"
> "GET
> http://z1.adserver.com/w/cp. x;rid=...23;;nc
=1
> HTTP/1.0"
>
> The originating ip addresses differ greatly and are never internal
> (192.168.*). The requests receive a 404 response, but I hate the clutter
> of my logs and the overhead this causes to my server. Obviously, all seem
> to be about the usual adware. Can someone tell me what's happening and how
> to stop this or at least minimize the impact?
>
> Thanks in advance.
>
> Jan.
If you use Linux then set up iptables (very easy to do) to just DROP
connections from those networks. If it were me I'd drop this whole shebang:
epilot:
Internap Network Services PNAP-05-2000 (NET-64-94-0-0-1)
64.94.0.0 - 64.95.255.255
64.94.0.0/15
Interchange Corporation INAP-LAX-ELIB-0777 (NET-64-94-109-0-1)
64.94.109.0 - 64.94.109.127
64.94.109.0/25
adserver.com:
Level 3 Communications, Inc. at 205.180.0.0/14
joshuastarling.com:
this is a yahoo account - complain to yahoo or drop all yahoo addresses
if you have no need of them. The internet shrinks for those who abuse it.
Eric
|
|
|
|
|