tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: How to handle "CONNECT ... HTTP 1.1" 400 in localhost_access_log
Date Thu, 11 Jul 2013 15:25:02 GMT

Mark,

On 7/9/13 8:16 AM, Mark Thomas wrote:
> On 09/07/2013 12:54, Howard W. Smith, Jr. wrote:
>> On Tue, Jul 9, 2013 at 2:18 AM, Caldarale, Charles R
>> <Chuck.Caldarale@unisys.com> wrote:
>> 
>>>> From: Howard W. Smith, Jr. [mailto:smithh032772@gmail.com]
>>>> Subject: Re: How to handle "CONNECT ... HTTP 1.1" 400 in
>>>> localhost_access_log
>>> 
>>>> why would the same IP address be hitting my server when 400
>>>> is the response?
>>> 
>>>> and they will continue attempting these "CONNECT..." requests
>>>> until they get a 404 or what?
>>> 
>>> Because they're trying to break in.  Any response indicates
>>> there's something to poke around in.
>>> 
>>>> The 'HTTP "Forbidden" error' returned by RemoteAddrValve
>>>> would seem to fuel future/continual attempts as well as
>>>> error 400. right?
>>> 
>>> True, which is why it's best just to have a firewall or the
>>> TCP/IP stack completely ignore the traffic, and not send
>>> anything back.  By the time the request gets to Tomcat, the TCP
>>> connection is established, so the antagonist knows there's
>>> something there.
>>> 
>> 
>> Done. Thanks. Will continue to monitor logs, occasionally, to see
>> if my changes, made at the firewall level, block the IP
>> addresses that are repeat offenders. :)
> 
> fail2ban is your friend

+1

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
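
As an added example (not part of the original thread and not fail2ban's own code), here is a small Python sketch of the kind of check a fail2ban-style tool performs on the access log discussed above: it flags any client that produces `max_retry` CONNECT requests answered with 400 inside a `find_time` window. It assumes Tomcat's AccessLogValve "common" pattern; the function name, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: AccessLogValve "common" pattern, %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) [^"]*" (?P<status>\d{3}) \S+$'
)

def repeat_connect_offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: timestamp of the hit that reached max_retry within find_time}."""
    recent = defaultdict(deque)  # ip -> timestamps of recent CONNECT/400 hits
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "CONNECT" or m["status"] != "400":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["host"]]
        hits.append(ts)
        # Drop hits that have aged out of the sliding window.
        while ts - hits[0] > find_time:
            hits.popleft()
        if len(hits) >= max_retry and m["host"] not in flagged:
            flagged[m["host"]] = ts
    return flagged

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [09/Jul/2013:02:11:05 -0400] "CONNECT mail.example.org:25 HTTP/1.1" 400 -
192.0.2.10 - - [09/Jul/2013:02:11:09 -0400] "GET /index.jsp HTTP/1.1" 200 1532
203.0.113.7 - - [09/Jul/2013:02:13:40 -0400] "CONNECT mail.example.org:25 HTTP/1.1" 400 -
198.51.100.23 - - [09/Jul/2013:02:14:02 -0400] "CONNECT mail.example.org:25 HTTP/1.1" 400 -
203.0.113.7 - - [09/Jul/2013:02:16:12 -0400] "CONNECT mail.example.org:25 HTTP/1.1" 400 -
198.51.100.23 - - [09/Jul/2013:03:40:00 -0400] "CONNECT mail.example.org:25 HTTP/1.1" 400 -
198.51.100.23 - - [09/Jul/2013:05:02:31 -0400] "CONNECT mail.example.org:25 HTTP/1.1" 400 -
""".splitlines()

if __name__ == "__main__":
    for ip, when in repeat_connect_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the threshold at {when.isoformat()}")
```

The flagged addresses are the candidates for a drop rule at the firewall, which is where the thread recommends handling them so that no response is sent back at all.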

