tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404
Date Wed, 17 Apr 2013 19:32:20 GMT
Konstantin Kolinko wrote:
> 2013/4/10 Howard W. Smith, Jr. <smithh032772@gmail.com>:
>> Every now and then, I like to review localhost_access_log files, just to
>> see who might be trying to access my web app, running on TomEE 1.6.0
>> snapshot (Tomcat 7.0.39). So, a few minutes ago, I saw the following in the
>> log:
>>
>> 113.11.200.30 - - [09/Apr/2013:19:26:58 -0400] "HEAD /manager/html
>> HTTP/1.0" 404 -
>>
> 
> By the way
> 1)  I think just feeding the default ROOT webapp to a Google bot or
> Baidu  will result in such requests coming from search bots for
> awhile.  That is because ROOT/index.jsp has links to the Manager
> application.
> 
> It looks like a good idea to add "noindex,nofollow" meta element to
> that page, or at least to those links.
> 
> 2) Bots may send HEAD requests to check whether the page has been
> created or modified since the last scan.  A HEAD request is usually
> served faster than a GET one.

But a HEAD request will also result in a 404 response if the requested resource does not 
exist. And the bot will have to wait for that one too.

> 
> Regarding a new feature of introducing a delay,
> 3) If you add a response delay it means that you are tying resources
> of your server for that period of time. In the worst case you will be
> tying a request processing thread.
> Though it may be that your load is low and you have some free
> resources for that.
> 
> Usually I would prefer to answer faster to to be ready to serve the
> next request from a valid user.
> 
Konstantin,
thanks for your response.
About tying up a valuable Tomcat thread, see Chuck's response (or mine, if you like to 
read more lines).


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message