tomcat-users mailing list archives

From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: How to handle "CONNECT ... HTTP 1.1" 400 in localhost_access_log
Date Tue, 09 Jul 2013 06:18:36 GMT
> From: Howard W. Smith, Jr. [mailto:smithh032772@gmail.com] 
> Subject: Re: How to handle "CONNECT ... HTTP 1.1" 400 in localhost_access_log

> why would the same IP address be hitting my server when 400 is the
> response?

> and they will continue attempting these "CONNECT..." requests until 
> they get a 404 or what?

Because they're trying to break in.  Any response indicates there's something to poke around in.

> The 'HTTP "Forbidden" error' returned by RemoteAddrValve would seem to fuel
> future/continual attempts as well as error 400. right?

True, which is why it's best just to have a firewall or the TCP/IP stack completely ignore
the traffic, and not send anything back.  By the time the request gets to Tomcat, the TCP
connection is established, so the antagonist knows there's something there.

 - Chuck
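
An added example, not part of the original message: one way to find the clients sending CONNECT requests in an access log and print firewall DROP rules for review, so the traffic is discarded before a TCP connection reaches Tomcat. It assumes the AccessLogValve "common" pattern (`%h %l %u %t "%r" %s %b`); the sample lines, function names and threshold are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed log layout: AccessLogValve "common" pattern  %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [09/Jul/2013:01:02:03 -0400] "CONNECT mail.example.net:25 HTTP/1.1" 400 -
203.0.113.7 - - [09/Jul/2013:01:02:09 -0400] "CONNECT mail.example.net:25 HTTP/1.1" 400 -
198.51.100.20 - - [09/Jul/2013:01:03:00 -0400] "GET /index.jsp HTTP/1.1" 200 5120
203.0.113.7 - - [09/Jul/2013:01:04:11 -0400] "CONNECT mail.example.net:25 HTTP/1.1" 400 -
192.0.2.44 - - [09/Jul/2013:01:05:00 -0400] "CONNECT www.example.org:443 HTTP/1.0" 400 -
proxy.example.com - - [09/Jul/2013:01:06:00 -0400] "CONNECT a.example.org:80 HTTP/1.1" 400 -
"""


def connect_probes(log_text):
    """Count CONNECT requests per client, keyed by a validated IP address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("method").upper() != "CONNECT":
            continue
        try:
            ip = ipaddress.ip_address(m.group("host"))
        except ValueError:
            continue  # host field is log data; skip anything that is not an IP
        counts[str(ip)] += 1
    return counts


def drop_rules(counts, threshold=3):
    """Build DROP rules (silent discard, no reply) for repeat offenders."""
    rules = []
    for ip, hits in sorted(counts.items()):
        if hits >= threshold:  # threshold is an arbitrary illustrative value
            tool = "ip6tables" if ipaddress.ip_address(ip).version == 6 else "iptables"
            rules.append(f"{tool} -I INPUT -s {ip} -j DROP")
    return rules


if __name__ == "__main__":
    # Rules are only printed for an administrator to review, never executed.
    for rule in drop_rules(connect_probes(SAMPLE_LOG)):
        print(rule)
```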

