httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Evans <>
Subject Re: [users@httpd] Re: How to regenerate 400 error code
Date Tue, 13 Jul 2010 13:24:44 GMT
On Tue, Jul 13, 2010 at 2:01 PM, Sakthi Esakiappan
<> wrote:
> Any information guys...
> On 13 July 2010 10:16, Sakthi Esakiappan
> <> wrote:
>> Hello,
>> Hack attempt is made in one of our server. The hacker used string
>> "" to continuously generate 400 Bad request to our
>> server. He is capable of generating very large number of request in a short
>> time from various IPs.
>> I have hardened apache for handling this error code. Now I want to verify
>> the same, so can any one suggest me how to regenerate 400 Bad request to a
>> server. It would be also helpful if any information about how to prevent
>> these types of attacks.

This isn't an 'attack', it is a probe. If you wish to prevent people
from probing your web server, take it off the internet.

If you want to generate a bad request, it is easier than you think:

> $ echo "This isnt a proper request" | nc strangepork 80
HTTP/1.1 400 Bad Request
Date: Tue, 13 Jul 2010 13:23:46 GMT
Server: Apache/2.2.15 (FreeBSD) mod_fastcgi/2.4.6 mod_ssl/2.2.15
OpenSSL/0.9.8e DAV/2 mod_wsgi/2.8 Python/2.6.5 mod_scgi/1.12
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1

<title>400 Bad Request</title>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />



The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message