  1. #1

    Post OPTIONS * HTTP/1.0 ?

    I'm having a lot of these in my Apache status on both a dedicated server and a VPS. I think it is affecting our load. How can I fix it?

    Example of just some of the ones that appear in the Apache status (WHM):

    Code:
    70-0 - 0/0/21 .  0.00 18726 0 0.0 0.00 0.17  127.0.0.1 server.domain.com OPTIONS * HTTP/1.0 
    71-0 - 0/0/33 .  0.00 18730 0 0.0 0.00 0.20  127.0.0.1 server.domain.com OPTIONS * HTTP/1.0 
    72-0 - 0/0/93 .  0.00 18731 0 0.0 0.00 0.83  127.0.0.1 server.domain.com OPTIONS * HTTP/1.0 
    73-0 - 0/0/17 .  0.00 18734 0 0.0 0.00 0.07  127.0.0.1 server.domain.com OPTIONS * HTTP/1.0 
    74-0 - 0/0/24 .  0.00 123794 0 0.0 0.00 0.13  127.0.0.1 server.domain.com OPTIONS * HTTP/1.0 
    75-0 - 0/0/30 .  0.08 123710 0 0.0 0.00 0.07  127.0.0.1 server.domain.com OPTIONS * HTTP/1.0 
    76-0 - 0/0/9 .  0.00 123783 0 0.0 0.00 0.03  127.0.0.1 server.domain.com OPTIONS * HTTP/1.0 
    77-0 - 0/0/10 .  0.01 123709 0 0.0 0.00 0.01  127.0.0.1 server.domain.com OPTIONS * HTTP/1.0 
    78-0 - 0/0/19 .  0.00 123748 232 0.0 0.00 0.17  127.0.0.1 server.domain.com OPTIONS * HTTP/1.0 
    79-0 - 0/0/129 .  0.00 123793 0 0.0 0.00 1.77  127.0.0.1 server.domain.com OPTIONS * HTTP/1.0 
    80-0 - 0/0/1 .  0.00 177694 0 0.0 0.00 0.00  127.0.0.1 server.domain.com OPTIONS * HTTP/1.0 
    81-0 - 0/0/1 .  0.00 177693 0 0.0 0.00 0.00  127.0.0.1 server.domain.com OPTIONS * HTTP/1.0 
    82-0 - 0/0/1 .  0.00 177692 0 0.0 0.00 0.00  127.0.0.1 server.domain.com OPTIONS * HTTP/1.0 
    83-0 - 0/0/3 .  0.07 177638 0 0.0 0.00 0.02  127.0.0.1 server.domain.com OPTIONS * HTTP/1.0 
    84-0 - 0/0/13 .  0.16 177609 0 0.0 0.00 0.03  127.0.0.1 server.domain.com OPTIONS * HTTP/1.0 
    85-0 - 0/0/1 .  0.00 177691 0 0.0 0.00 0.00  127.0.0.1 server.domain.com OPTIONS * HTTP/1.0 
    86-0 - 0/0/12 .  0.08 177616 0 0.0 0.00 0.01  127.0.0.1 server.domain.com OPTIONS * HTTP/1.0 
    87-0 - 0/0/3 .  0.00 177647 0 0.0 0.00 0.00  127.0.0.1 server.domain.com OPTIONS * HTTP/1.0

  2. #2
    This probably is a webdav exploit attempt aimed at Windows IIS machines. I see them once in a while.

    http://www.microsoft.com/technet/sec.../MS03-007.mspx

    I'm not familiar with your log format but it appears to be requests from *localhost*. Have you checked on your users?
    “Even those who arrange and design shrubberies are under
    considerable economic stress at this period in history.”

  3. #3
    That is normal, nothing to be worried about... see here for more info.. http://wiki.apache.org/httpd/InternalDummyConnection
    cPanel Hosting
    Site5.com - Best support in the hosting business!

  4. #4
    Oh, I was worried since I had other servers and none show that except these new ones that got built just days ago with CentOS 5.x.

    Thanks a lot.

  5. #5
    Ah, that explains the localhost reference, and you can tell I don't run Apache any more.

    The webdav exploit attempt you may also see in your logs in addition to the innocent wake-up hits; they look something like:

    204.83.200.192 www.someone.org - [11/Jun/2009:08:23:49 -0700] "OPTIONS / HTTP/1.1" 301 0 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
    74.56.84.48 www.someone.org - [11/Jun/2009:15:43:28 -0700] "OPTIONS / HTTP/1.1" 301 0 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
    207.161.131.171 www.someone.org - [14/Jun/2009:14:22:32 -0700] "OPTIONS / HTTP/1.1" 301 0 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
    74.56.84.48 www.someone.org - [15/Jun/2009:11:28:50 -0700] "OPTIONS / HTTP/1.1" 301 0 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
    64.119.98.203 www.someone.org - [15/Jun/2009:14:27:32 -0700] "OPTIONS / HTTP/1.1" 301 0 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
    24.141.104.145 www.someone.org - [16/Jun/2009:00:04:05 -0700] "OPTIONS / HTTP/1.1" 301 0 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
    << removed by request >>
    Last edited by writespeak; 06-30-2009 at 07:10 PM.
    “Even those who arrange and design shrubberies are under
    considerable economic stress at this period in history.”
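
An added example, not part of the original posts: a small classifier that separates the loopback `OPTIONS *` wake-up requests described in post #3 from the external `Microsoft-WebDAV-MiniRedir` `OPTIONS` hits shown in post #5, using the log layout quoted there. The category labels, sample addresses and host names are constructed for illustration, and the `internal dummy connection` User-Agent substring is the marker Apache httpd puts on its own wake-up requests.

```python
import ipaddress
import re
from collections import Counter

# Field layout of the access-log lines quoted in post #5:
# client vhost user [time] "method target proto" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: [^"]*)?" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # hostname or garbage in the client field
        return False

def classify(line):
    """Return a label (the names are this example's own) for one log line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return "unparsed"
    if m["method"] != "OPTIONS":
        return "other"
    local = is_loopback(m["client"])
    if m["target"] == "*" and local:
        return "internal-dummy"       # Apache parent waking its own children
    if "internal dummy connection" in m["agent"] and not local:
        # User-Agent is client-supplied; only the loopback source is trustworthy.
        return "remote-claims-dummy"
    if m["agent"].startswith("Microsoft-WebDAV-MiniRedir"):
        return "webdav-options"       # the pattern shown in post #5
    return "other-options"

def summarize(lines):
    return Counter(classify(line) for line in lines)

# Constructed sample lines (documentation addresses, example.org hosts).
SAMPLE = [
    '127.0.0.1 server.example.org - [11/Jun/2009:08:00:01 -0700] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)"',
    '::1 server.example.org - [11/Jun/2009:08:00:02 -0700] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)"',
    '192.0.2.10 www.example.org - [11/Jun/2009:08:23:49 -0700] "OPTIONS / HTTP/1.1" 301 0 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"',
    '198.51.100.7 www.example.org - [11/Jun/2009:09:10:00 -0700] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)"',
    '192.0.2.10 www.example.org - [11/Jun/2009:09:11:00 -0700] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for label, count in summarize(SAMPLE).most_common():
        print(f"{count:3d}  {label}")
```

The `remote-claims-dummy` bucket is the one worth reviewing: the wake-up requests only ever originate from the server itself, so the same User-Agent arriving from a non-loopback address is not Apache's own traffic.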

  6. #6
    Quote Originally Posted by otamendi View Post
    Oh, I was worried since I had other servers and none show that except these new ones that got built just days ago with CentOS 5.x.

    Thanks a lot.
    Just depends on how you have Apache set up, how many clients it keeps open, if it uses keepalives, etc. If you have your server set up for 256 clients with keepalives on, and you only have 56 active Apache connections, the remaining 200 will show like you posted above.

  7. #7
    Quote Originally Posted by jphilipson View Post
    Just depends on how you have Apache set up, how many clients it keeps open, if it uses keepalives, etc. If you have your server set up for 256 clients with keepalives on, and you only have 56 active Apache connections, the remaining 200 will show like you posted above.
    BTW, on my other servers I found those settings in the httpd.conf file, but on these ones that file doesn't have those options (keepalive, maxrequests, minserver, etc.). Can you point me to the file where I can find those settings? Thanks.

  8. #8
    It may not have the options specified in the httpd.conf, and is using the defaults. It is most likely using the default 256 clients and keepalives on. If you want to change that you would need to add the directives to your conf file. If you are not familiar with how to set those up, I would suggest learning more about them before you change from the defaults.
