Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D7A35F375 for ; Wed, 17 Apr 2013 18:25:05 +0000 (UTC) Received: (qmail 35342 invoked by uid 500); 17 Apr 2013 18:25:02 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 35215 invoked by uid 500); 17 Apr 2013 18:25:02 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 35203 invoked by uid 99); 17 Apr 2013 18:25:02 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 17 Apr 2013 18:25:02 +0000 X-ASF-Spam-Status: No, hits=0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE,SPF_PASS,UNPARSEABLE_RELAY X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of Chuck.Caldarale@unisys.com designates 216.82.251.3 as permitted sender) Received: from [216.82.251.3] (HELO mail1.bemta12.messagelabs.com) (216.82.251.3) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 17 Apr 2013 18:24:53 +0000 Received: from [216.82.249.147:27721] by server-3.bemta-12.messagelabs.com id A1/48-16745-FD8EE615; Wed, 17 Apr 2013 18:24:31 +0000 X-Env-Sender: Chuck.Caldarale@unisys.com X-Msg-Ref: server-8.tower-29.messagelabs.com!1366223066!23879633!19 X-Originating-IP: [192.61.61.104] X-StarScan-Received: X-StarScan-Version: 6.8.6.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 29587 invoked from network); 17 Apr 2013 18:24:31 -0000 Received: from unknown (HELO USEA-NAEDGE1.unisys.com) (192.61.61.104) by server-8.tower-29.messagelabs.com with RC4-SHA encrypted SMTP; 17 Apr 2013 18:24:31 -0000 Received: from usea-nahubcas1.na.uis.unisys.com (129.224.76.114) by USEA-NAEDGE1.unisys.com (192.61.61.104) with Microsoft SMTP Server (TLS) id 8.3.83.0; Wed, 17 Apr 2013 13:24:05 -0500 Received: from USEA-EXCH8.na.uis.unisys.com ([129.224.76.41]) by usea-nahubcas1.na.uis.unisys.com ([129.224.76.114]) with mapi; Wed, 17 Apr 2013 13:24:05 -0500 From: "Caldarale, Charles R" To: Tomcat Users List Date: Wed, 17 Apr 2013 13:24:04 -0500 Subject: RE: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404 Thread-Topic: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404 Thread-Index: Ac47kPjx/CawMS+DR5CfREn7iZHgxQAAZs/QAAF379A= Message-ID: <99C8B2929B39C24493377AC7A121E21FC4A819FAF4@USEA-EXCH8.na.uis.unisys.com> References: <70C3D7FF9B194C1587F273ADE1623698@HP6910P> <-8374468888202311141@unknownmsgid> <516BD58F.2060207@pidster.com> <2AFD2E9D75D24E1FB992619D3549F388@HP6910P> <516BE951.7000106@pidster.com> <516C2133.8090703@ice-sa.com> <516C262F.6040007@ice-sa.com> <516C359F.4030506@ice-sa.com> <20130416152152.GE13819@IUPUI.Edu> <516D7E93.5020006@ice-sa.com> <8000842584522301737@unknownmsgid> <10884071.5855.1366137501706.JavaMail.mobile-sync@vemw20> <-3567947474235942048@unknownmsgid> <516DB043.2080409@ice-sa.com> <516EDB9B.7030700@ice-sa.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org > From: Leo Donahue - RDSA IT [mailto:LeoDonahue@mail.maricopa.gov]=20 > Subject: RE: Tomcat access log reveals hack attempt: "HEAD /manager/html = HTTP/1.0" 404 > So you are saying it could be possible to know in advance that certain=20 > requests are for repeated requests of nothing or being made by a bot,=20 > versus regular legitimate requests, in order to move those bot requests > off to another thread? Nothing of the sort. You simply put each 404 response on queue, and have a= n existing timer thread send it out when the appropriate delay has been ach= ieved. No threads are tied up during the delaying action. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MA= TERIAL and is thus for use only by the intended recipient. If you received = this in error, please contact the sender and delete the e-mail and its atta= chments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org