I have problem with my Debian server (Linux 2.6.32-5-686 i686) when I start apache2 everything seems ok but in a while apache executable start duplicating it self again and again to thew critical moment when server fall down. I don't know where is the problem. I'm getting lot of these messages in access.log
::1 - - [04/Aug/2013:10:16:45 +0200] "OPTIONS * HTTP/1.0" 200 136 "-" "Apache (internal dummy connection)"
Please have a look at the apache wiki regarding this dummy connections http://wiki.apache.org/httpd/InternalDummyConnection
Please revise your settings for MinSpareServers and MaxSpareServers.
Related
I am managing a site hosted on aws ec2 using nginx. To avoid threats continuously monitoring nginx logs ( access.log & error.log). Though many threats are well managed by tweaking nginx.conf, but this specific one I am not even able to figure out how attacker manage to send such request.
access.log
xx.xxx.xx.xxx - - [18/Aug/2021:09:04:13 +0000] "GET http://xxxxxxxxx.com/ HTTP/1.1" 200 1400 "-" "Go-http-client/1.1"
In above case let's say name of my website is "h ttp://abc-xyz-1234.com", attacker is passing url in path (i.e. http://xxxxxxxxx.com/ ), and nginx responding with "200". I am still scratching my head how was request made and what was responded with 1400 of bytes ( response length still much lesser than website response site for path "/" ).
As I believe its not possible through browser, I tried to simulate using curl but it wouldn't work.
it is considered 2 separate request to curl
curl -A Mozilla h ttp://abc-xyz-1234.com/ http://xxxxxxxxx.com
invalid domain
curl -A Mozilla h ttp://abc-xyz-1234.comhttp://xxxxxxxxx.com
it will hit host with path /http://xxxxxxxxx.com and get rejected. Attacker is manage to send it without prefix "/" and thats what trying to simulate
curl -A Mozilla h ttp://abc-xyz-1234.com/http://xxxxxxxxx.com
You can use --request-target for this:
curl -A Mozilla http://abc-xyz-1234.com --request-target http://xxxxxxxxx.com
I have a little problem with CUPS 2.2.7
This is my /etc/hosts file:
127.0.0.1 example.com
127.0.0.1 localhost
in http://localhost:631/ CUPS is working right
but in http://example.com:631/ it doesn't work on the same pc.
The message error in View error log is that one:
E [21/Feb/2019:11:54:18 +0100] [Client 33] Request from "localhost" using invalid Host: field "example.com:631".
The web page on Firefox print an error message Invalid request and give me an Error (error code: 400) but seems point on CUPS.
How to solve this problem so that example.com:631 points to localhost and CUPS answers it successfully instead of Error 400: Access Denied.
By default cups servers HTTP requests only with HTTP Host header equal to "localhost". To allow it servicing requests for additional HTTP host headers use ServerAlias directive as described in the man cupsd.conf documentation. It's common to do the most unsafe thing and add
ServerAlias *
to /etc/cupsd.conf to allow all possible HTTP host headers to be serviced.
I know this is old, but I too was experiencing the same issue recently and I resolved it by updating the following line in cupsd.conf from:
Listen 0.0.0.0:631
changed to:
Listen *:631
For those that maybe care to know, I'm running CUPS within a docker container, and this change corrects the "Bad Request" response.
today I've updated my nodejs installation (from official CentOS 7 repo).
I used to serve via a lighttpd proxy, nothing special:
proxy.server = ( "" =>
( "" =>
(
"host" => "127.0.0.1",
"port" => 2368,
)
)
)
NodeJS itself is working fine, I got two apps running well (if accessed directly), lighttpd also proxying a third app (provided by a Java runtime), that's full functional.
Problem started with NodeJS update to 0.10.46 (via yum package manager), changed nothing on my configuration.
Lighttpd proxy.debug output:
(mod_proxy.c.1158) proxy - start
(mod_proxy.c.1199) proxy - ext found
(mod_proxy.c.1333) proxy - found a host 127.0.0.1 2368
(mod_proxy.c.417) connect delayed: 11
(mod_proxy.c.1042) proxy: fdevent-out 1
(mod_proxy.c.1065) proxy - connect - delayed success
(mod_proxy.c.1030) proxy: fdevent-in 4
(mod_proxy.c.652) proxy - have to read: 0
(mod_proxy.c.1158) proxy - start
(mod_proxy.c.1199) proxy - ext found
(mod_proxy.c.1333) proxy - found a host 127.0.0.1 2368
(mod_proxy.c.417) connect delayed: 11
(mod_proxy.c.1042) proxy: fdevent-out 1
(mod_proxy.c.1065) proxy - connect - delayed success
(mod_proxy.c.1030) proxy: fdevent-in 4
(mod_proxy.c.652) proxy - have to read: 0
NodeJS output:
"GET / HTTP/1.0"
"GET /favicon.ico HTTP/1.0" 200
So request is forwarded in first step, but then only a
500 - Internal Server Error
is delivered by lighttpd.
Any ideas? Don't know what I can try anymore.
Thanks in advance!
First comment to question was the right hint:
lighttpd version were problematic, update to 1.4.43 was the solution.
Node Version
Firstly I'd like to also point out that nodejs 0.10.x is very out of date. NodeJS is currently on v4.5 LTS and v6.5 Current. As the Javascript world moves very rapidly, relying on your distro's packages can leave you stuck with a very old version of node. You can use the nodesource.com service to get a recent build for your system. For example.
curl -sL https://rpm.nodesource.com/setup_4.x | bash -
yum install -y nodejs
Issues to check first
With that out of the way is your NodeJS application available at localhost:2368 ? Try accessing it in your browser (or a text browser like w3m if 2368 isn't open to the outside world). This could be as simple as NodeJS not returning data to the user.
Your lighttpd.conf looks fine however it is nested needlessly deep while this probably won't fix your issues try:
proxy.server = (
"" => (
(
"host" => "127.0.0.1",
"port" => "2368"
)
)
)
Other Possibilities
While I can't know exactly what your system is doing, I would assume this is more likely to be a node issue than a lighty issue. Try writing a simple http server hello world application in node and see if that is available to proxy.
I can't open the zabbix frontend URL via
http://zabbixservername/zabbix
Error 404 is given:
Not Found
The requested URL /zabbix was not found on this server.
Apache/2.4.7 (Ubuntu) Server at ipaddress Port 80
I'm running Ubuntu 14.04 LTS (GNU/Linux 3.13.0-27-generic x86_64)
I installed Zabbix server following Zabbix instructions for Ubuntu 14.04 at:
https://www.zabbix.com/documentation/2.2/manual/installation/install_from_packages
(bottom section of the page)
Though the follwowing file was not created:
/etc/apache2/conf.d/zabbix.conf
But I did edit regional settings in:
/etc/zabbix/apache.conf
After that I also copied the apache.conf to /etc/apache2/conf.d/zabbix.conf
restarted apache, but gave no result
Apache is running; when I go to http://zabbixservername/, I get the Apache default welcome page.
Also zabbix-server process is running on the server.
This is what the Apache acces.log says when I try to enter the frontend http://zabbixservername/zabbix
[04/Jun/2014:14:42:54 +0200] "GET /zabbix HTTP/1.1" 404 494 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36"
I would guess the problem lies somewhere within the communication between Apache and Zabbix?
If so... I don't know how to check and/or fix that...
Looking for some guidance here.
Additional information can be provided.
Though xunil's answer is right, let me correct it a little bit corresponding to the Ubuntu 14.04 and it's Apache 2.4
ln -s /etc/zabbix/apache.conf /etc/apache2/conf-available/zabbix.conf
It will put a symlink to the Apache config folder...
a2enconf zabbix.conf
service apache2 reload
...and these will reload the server to pick up the new configurations.
sudo cp /usr/share/doc/zabbix-frontend-php/examples/apache.conf /etc/apache2/conf-available/zabbix.conf
sudo a2enconf zabbix.conf
sudo service apache2 reload
When using IIS as RPS (Reverse Proxy Server) with Weblogic, using the Weblogic ISAPI filter plug-ins, there does not appear to be UTF-8 support for file attachment file names.
For example, the GET command with RPS in place showed the unencoded file name, i.e.:
10.166.45.33 - - [08/juin/2012:12:07:39 -0500] "GET
/cs/U1/pscc/V_d1305081-b3c5-4e1e-989e-b8bdd497a1a3/ÇÖÐÅ.msg
HTTP/1.1" 200 46088
That versus an encoded file name when RPS was not used:
10.210.36.126 - - [15/May/2012:11:35:38 -0500] "GET
/cs/U1/pscc/V_4ed65546-e138-4a84-b5b2-a2cf9f01d85f/%C3%87%C3%96%C3%9
0%C3%85.msg HTTP/1.1" 200 46088
How do I circumvent this
Thanks in advance
This is the problem with the plugin used between IIS and WLS