httpd-users mailing list archives

From "Sadananda B Rai" <s...@zeomega.com>
Subject RE: [users@httpd] Deny HEAD Request
Date Sun, 26 Jan 2003 08:37:17 GMT

Thanks for the reply. I tried <Limit HEAD> deny from all. But it seems it's
not blocking it. I think you can help me by looking at the access log and the
application error log I get from my site. It was basically an open proxy
attack. Now I have switched off proxy and they cannot do anything, but
traffic is still coming to my site.


The Application log...........

AUTHENTICATION_PATH 'Something/vhm'
URL0 'http://www.mydomain.com/members/HEAD'
URL1 'http://www.mydomain.com/members'
BASE3 'http://www.mydomain.com/members/HEAD'
URL2 'http://www.mydomain.com'
BASE1 'http://www.mydomain.com'
BASE0 'http://www.mydomain.com'
SERVER_URL 'http://www.ret ailvision.com'
VirtualRootPhysicalPath ('', 'somthing')
PUBLISHED <bound method NullResource.HEAD of <NullResource instance at
076AF2D0>>
URL 'http://www.mydomain.com/members/HEAD'
AUTHENTICATED_USER Anonymous User
BASE2 'http://www.mydomain.com/members'
TraversalRequestNameStack []
URL0 http://www.mydomain.com/members/HEAD
URL1 http://www.mydomain.com/members
URL2 http://www.mydomain.com
BASE0 http://www.mydomain.com
BASE1 http://www.mydomain.com
BASE2 http://www.mydomain.com/members
BASE3 http://www.mydomain.com/members/HEAD

environ
SERVER_SOFTWARE 'Zope/(Zope 2.6.0 (binary release, python 2.1, win32-x86),
python 2.1.3, win32) ZServer/1.1b1'
channel.creation_time 1043568699
SERVER_PROTOCOL 'HTTP/1.1'
SERVER_PORT '5090'
PATH_INFO
'/VirtualHostBase/http/www.mydomain.com:80/somthing/VirtualHostRoot/members'
HTTP_HOST '127.0.0.1:5090'
REQUEST_METHOD 'HEAD'
PATH_TRANSLATED
'\\VirtualHostBase\\http\\www.mydomain.com:80\\somthing\\VirtualHostRoot\\me
mbers'
HTTP_MAX_FORWARDS '10'
SCRIPT_NAME ''
HTTP_X_FORWARDED_HOST
'members.truelyember.com'----------------------(Unknown Stupid sites)
HTTP_X_FORWARDED_FOR '209.214.158.145'
REMOTE_ADDR '127.0.0.1'
SERVER_NAME 'cowboy'
HTTP_X_FORWARDED_SERVER 'www.mydomain.com'
GATEWAY_INTERFACE 'CGI/1.1'
HTTP_USER_AGENT 'Mozilla/3.0 (compatible)'
HTTP_ACCEPT 'image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */


AccessLOG..............................

213.39.146.179 - - [24/Jan/2003:00:43:52 -0500] "HEAD
http://www.videoteam.com/members/ HTTP/1.0" 403 -
213.39.146.179 - - [24/Jan/2003:00:43:52 -0500] "HEAD
http://www.videoteam.com/members/ HTTP/1.0" 403 -
213.39.146.179 - - [24/Jan/2003:00:43:52 -0500] "HEAD
http://www.videoteam.com/members/ HTTP/1.0" 403 -
213.39.146.179 - - [24/Jan/2003:00:43:52 -0500] "HEAD
http://www.videoteam.com/members/ HTTP/1.0" 403 -
213.39.146.179 - - [24/Jan/2003:00:43:52 -0500] "HEAD
http://www.videoteam.com/members/ HTTP/1.0" 403 -
63.121.85.30 - - [24/Jan/2003:00:44:06 -0500] "HEAD
http://www.busty.pl/inside9/members99.html HTTP/1.0" 404 0
217.83.32.130 - - [24/Jan/2003:00:44:19 -0500] "CONNECT login.icq.com:443
HTTP/1.0" 403 394
63.121.85.30 - - [24/Jan/2003:00:44:25 -0500] "HEAD
http://www.busty.pl/inside9/members99.html HTTP/1.0" 404 0
211.94.204.61 - - [24/Jan/2003:00:44:33 -0500] "GET
http://www.webhitsdirect.com/whd.js?affiliate=254 HTTP/1.1" 404 404
61.54.128.243 - - [24/Jan/2003:00:44:42 -0500] "GET
http://www.qksrv.net/image-1263805-4976022 HTTP/1.0" 404 404
63.121.85.30 - - [24/Jan/2003:00:44:49 -0500] "HEAD
http://www.busty.pl/inside9/members99.html HTTP/1.0" 404 0
66.91.32.5 - - [24/Jan/2003:00:44:50 -0500] "HEAD
http://www.planetgirlco.com/members/view.php?page=members HTTP/1.0" 403 -
66.91.32.5 - - [24/Jan/2003:00:44:51 -0500] "HEAD
http://www.planetgirlco.com/members/view.php?page=members HTTP/1.0" 403 -
66.91.32.5 - - [24/Jan/2003:00:44:51 -0500] "HEAD
http://www.planetgirlco.com/members/view.php?page=members HTTP/1.0" 403 -
211.94.204.61 - - [24/Jan/2003:00:45:01 -0500] "GET
http://www.webhitsdirect.com/whd.js?affiliate=254 HTTP/1.1" 404 404
67.34.226.164 - - [24/Jan/2003:00:45:07 -0500] "HEAD
http://www.fetish-memoirs.com/passwdMgmt.cgi HTTP/1.0" 404 0
217.83.32.130 - - [24/Jan/2003:00:45:10 -0500] "CONNECT login.icq.com:443
HTTP/1.0" 403 394
12.110.177.6 - - [24/Jan/2003:00:45:11 -0500] "GET / HTTP/1.1" 302 0

The site name keeps changing each time. To cut down the traffic I am
finally blocking the IPs of these sites. But every minute it keeps
changing. Is there any way to stop this or at least reduce the traffic?

Sadananda B Rai

-----Original Message-----
From: Sander Holthaus - Orange XL [mailto:info@orangexl.com]
Sent: Saturday, January 25, 2003 8:08 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Deny HEAD Request


As far as I know, you cannot do this, since Apache considers HEAD and GET as
the same (e.g. enabling GET will also enable HEAD), but I'm not quite sure.

Try
    <Limit HEAD>
    Order deny,allow
    Deny from all
    </Limit>

But what I don't understand is: http://www.mydomain.com/something.html/HEAD
Is this the actual URL they are trying to request? If that is so, then this
has not much to do with the HEAD request method in HTTP. Perhaps you can give
us a few examples from your access log.

Also note that there are quite a few valid sites/user-agents and bots that
use the HEAD-method. Perhaps you should look at another direction for
blocking those unwanted requests?

Kind Regards,
Sander Holthaus

----- Original Message -----
From: "Sadananda B Rai" <srai@zeomega.com>
To: <users@httpd.apache.org>
Sent: Saturday, January 25, 2003 8:23 AM
Subject: [users@httpd] Deny HEAD Request


> Hello all,
>
>          One of my sites which is running on Apache is getting more traffic
> from the unknown sites. I think they are trying to test validity of URLs
> using HEAD type requests block. Is there any way I can deny all HEAD type
> HTTP requests? I get a request like
> http://www.mydomain.com/something.html/HEAD . I tried using Location tag.
> But it didn't work for me. Can anyone please help me at the earliest....
> Thanks in advance.
>
> Sadananda B Rai
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
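
Added example, not part of the original thread: a log triage sketch in Python for the kind of access log posted above. It picks out proxy-style requests (CONNECT, or an absolute URL naming a host that is not one of the server's own) and counts them per client. The sample lines, addresses and host names are constructed, and `own_hosts` is an assumed parameter.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]+)?" '
    r'(?P<status>\d{3}) \S+$'
)

def classify(line, own_hosts):
    """Return (ip, kind, status) for a proxy-style request, else None."""
    m = CLF.match(line.strip())
    if not m:
        return None
    if m["method"] == "CONNECT":
        kind = "connect"
    elif "://" in m["target"]:
        host = (urlsplit(m["target"]).hostname or "").lower()
        if host in own_hosts:
            return None          # absolute URL, but for our own site
        kind = "foreign-uri"
    else:
        return None              # ordinary origin-form request such as "GET /"
    return m["ip"], kind, int(m["status"])

def summarize(lines, own_hosts):
    """Count proxy-style requests per (ip, kind); collect non-error ones."""
    own = {h.lower() for h in own_hosts}
    per_client, review = Counter(), []
    for line in lines:
        hit = classify(line, own)
        if hit is None:
            continue
        ip, kind, status = hit
        per_client[(ip, kind)] += 1
        # A status below 400 does not prove relaying (the server may have
        # answered from local content), but it deserves a manual check.
        if status < 400:
            review.append(line)
    return per_client, review

# Constructed sample lines in the format of the posted log (unwrapped).
SAMPLE = [
    '192.0.2.10 - - [24/Jan/2003:00:43:52 -0500] "HEAD http://other.example/members/ HTTP/1.0" 403 -',
    '192.0.2.10 - - [24/Jan/2003:00:43:52 -0500] "HEAD http://other.example/members/ HTTP/1.0" 403 -',
    '198.51.100.7 - - [24/Jan/2003:00:44:19 -0500] "CONNECT login.other.example:443 HTTP/1.0" 403 394',
    '203.0.113.5 - - [24/Jan/2003:00:44:33 -0500] "GET http://ads.other.example/x.js?a=1 HTTP/1.1" 200 404',
    '203.0.113.9 - - [24/Jan/2003:00:45:11 -0500] "GET / HTTP/1.1" 302 0',
    '203.0.113.9 - - [24/Jan/2003:00:45:12 -0500] "HEAD http://www.mydomain.com/members HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    counts, review = summarize(SAMPLE, ["www.mydomain.com"])
    for (ip, kind), n in counts.most_common():
        print(f"{ip:15} {kind:12} {n}")
    print("check manually:", *review, sep="\n  ")
```

The archived lines are wrapped by the mail client, so each entry has to be joined back onto one line before it is fed to `summarize`.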


