Results 1 to 8 of 8
  1. #1
    Join Date
    Aug 2002
    Location
    Canada!
    Posts
    161
    OPTIONS * HTTP/1.0" 200 138



    Quote:


    ::1 - - [18/Dec/2008:13:22:40 -0800] "OPTIONS * HTTP/1.0" 200 138
    ::1 - - [18/Dec/2008:13:22:44 -0800] "OPTIONS * HTTP/1.0" 200 138
    ::1 - - [18/Dec/2008:13:22:45 -0800] "OPTIONS * HTTP/1.0" 200 138
    ::1 - - [18/Dec/2008:13:22:47 -0800] "OPTIONS * HTTP/1.0" 200 138
    ::1 - - [18/Dec/2008:13:22:48 -0800] "OPTIONS * HTTP/1.0" 200 138
    ::1 - - [18/Dec/2008:13:22:49 -0800] "OPTIONS * HTTP/1.0" 200 138
    ::1 - - [18/Dec/2008:13:22:50 -0800] "OPTIONS * HTTP/1.0" 200 138
    ::1 - - [18/Dec/2008:13:23:27 -0800] "OPTIONS * HTTP/1.0" 200 138
    ::1 - - [18/Dec/2008:13:24:19 -0800] "OPTIONS * HTTP/1.0" 200 138
    ::1 - - [18/Dec/2008:13:24:33 -0800] "OPTIONS * HTTP/1.0" 200 138
    ::1 - - [18/Dec/2008:13:25:56 -0800] "OPTIONS * HTTP/1.0" 200 138
    ::1 - - [18/Dec/2008:13:25:57 -0800] "OPTIONS * HTTP/1.0" 200 138
    ::1 - - [18/Dec/2008:13:25:59 -0800] "OPTIONS * HTTP/1.0" 200 138


    I've been seeing this in my log for the last hour or so. What's going on?

  2. #2
    Join Date
    Jun 2003
    Location
    Ukraine
    Posts
    263
    any updates?

  3. #3
    Join Date
    Mar 2009
    Location
    /home/khunj
    Posts
    433
    Quote Originally Posted by Ogg View Post
    :1 - - 18/Dec/2008 :13:22:40 -0800] "OPTIONS * HTTP/1.0" 200 138
    That's Apache InternalDummyConnection, nothing to worry at all.
    But I would rather worry about your server localtime though
    NinTechNet
    ★ NinjaFirewall : Web Application Firewall for PHP and WordPress.
    ★ NinjaMonitoring : Monitor your website for suspicious activities.

  4. #4
    Join Date
    Jun 2003
    Location
    Ukraine
    Posts
    263
    I see no problem with TS's local time. That was 2008th

    But I saw similar records today. They start to appear in the same time I have DDoS from IPv6 networks.
    Last edited by AlexAT; 09-29-2009 at 09:40 AM. Reason: "no reason, just want to edit"

  5. #5
    Join Date
    Mar 2009
    Location
    /home/khunj
    Posts
    433
    OK, then nothing to worry at all !

    If you don't want to log them, setup an environment variable in your apache conf file :

    SetEnvIf Remote_Addr "127\.0\.0\.1" nolog

    Then add it to your vhost acces log line :

    CustomLog /foo/bar/access.log combined env=!nolog
    NinTechNet
    ★ NinjaFirewall : Web Application Firewall for PHP and WordPress.
    ★ NinjaMonitoring : Monitor your website for suspicious activities.

  6. #6
    Join Date
    Jun 2003
    Location
    Ukraine
    Posts
    263
    Thank you.

    But I was worried not about logs but about DDoS.
    I thought it's related since IPv6 there and there.

  7. #7
    Join Date
    Mar 2009
    Location
    /home/khunj
    Posts
    433
    It is somehow related with your DDoS.
    If you look at Apache doc :

    When the Apache HTTP Server manages its child processes, it needs a way to wake up processes that are listening for new connections. To do this, it sends a simple HTTP request back to itself. This request will appear in the access_log file with the remote address set to the loop-back interface (typically 127.0.0.1 or ::1 if IPv6 is configured).
    So I would say that if you are facing a DDoS, it may be better not to log those requests to avoid a flood of your access logs.
    NinTechNet
    ★ NinjaFirewall : Web Application Firewall for PHP and WordPress.
    ★ NinjaMonitoring : Monitor your website for suspicious activities.

  8. #8
    Join Date
    Jun 2003
    Location
    Ukraine
    Posts
    263
    I see, thank you.

    However log flooding is nothing in comparing with DDoS.
    I just disable IPv6 in apache and this problem was solved.
    Last edited by AlexAT; 09-29-2009 at 10:40 AM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •