tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Howard W. Smith, Jr." <smithh032...@gmail.com>
Subject Re: How to handle "CONNECT ... HTTP 1.1" 400 in localhost_access_log
Date Tue, 09 Jul 2013 05:09:10 GMT
Chris,

On Mon, Jul 8, 2013 at 11:50 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Howard,
>
> On 7/8/13 3:45 PM, Howard W. Smith, Jr. wrote:
> > On Mon, Jul 8, 2013 at 3:40 PM, Caldarale, Charles R <
> > Chuck.Caldarale@unisys.com> wrote:
> >
> >>> From: Howard W. Smith, Jr. [mailto:smithh032772@gmail.com]
> >>> Subject: How to handle "CONNECT ... HTTP 1.1" 400 in
> >>> localhost_access_log
> >>
> >>> 183.60.48.25 - - [08/Jul/2013:15:15:26 -0400] "CONNECT
> >>> tcpconn2.tencent.com:443 HTTP/1.1" 400 -
> >>
> >>> Any advise on how to handle these requests (if necessary)
> >>> and/or information about these type of 'CONNECT ...' requests
> >>> would be appreciated. Thanks.
> >>
> >> It's from somewhere in China (who'da thunk it?); you can always
> >> black list it with the RemoteAddrValve, but it will likely pop up
> >> from somewhere else.
> >>
> >
> > You beat me to the punch, Chuck. I thought about you when I just
> > searched the IP database[1] for the IP address, and was about to
> > reply again with this info, but thanks, I definitely need to
> > blacklist that IP address.
> >
> > [1] https://ipdb.at/ip/183.60.48.25
>
> Feel free to just drop the whole IP block with iptables or at a firewall
> closer to the edge of your network.


Interesting. sounds like a good idea, thanks.

That is, of course, unless you need to serve clients in China.
>

definitely have no need, desire, or requirement to serve clients in China.
:)

why would the same IP address be hitting my server when 400 is the
response? is that definitely a sign to China that a server (of some sort)
is returning error 400? and they will continue attempting these "CONNECT
..." requests until they get a 404 or what?

The 'HTTP "Forbidden" error' returned by RemoteAddrValve would seem to fuel
future/continual attempts as well as error 400. right?



> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJR24h9AAoJEBzwKT+lPKRYGO4QAJVD94MNoQ3XqQ8poGA2AwfV
> 8E2e1XW6gPzmqAlpPv4hlwYGNWFhe7zCyixjJG2zXpC2H+g2uU4dxEpB+fQzAdLZ
> QqjIhLXkY+lcGJisacvvIW9bLxJxVHaRPgZ7nPiYYkomXB7xdeoG/XHdbyjzACIx
> niMAAYhd9hvI3K8ti8wgFmPnabMaOCVs4U9tOJa4M0GWBjlgMR32RCwB0dVBb9cw
> uzaXjySXqXaXXxsAIG1EbRTraVVOmaJQZHa6RK0rfG3jKdXoTJhLlcdfeQXAR/AY
> 3fZeMgP2JAB2ko0h2g6XdIEvW/EPJzT/wlEoLZJ7L3iWpT/7C9VfelmAgmNnxtam
> zPNATFRIwkrPZ0qC/Z4d7Hgogpc4G5V1rB/jJjMi3JhLQM2oUQsf2U8zprZi1MHt
> uDAflKl4wmnge5joQAWhp2m6+U1y4Cv47yT46hRu7A51PHBoruOUrogTTuy3HZk0
> qeHFZ1OkGJdfJCocWixpJnXvLSezfTZcDs7BYGYrwXkVRgc7GTY8RcLPgv7Z/C/u
> sBqEk3unmnGMaNSt6V8yVls287OUKT2Q1yYyP8iDOHgMXtolQIoh87xOEOKAagol
> DgST7p0M0xbFgLZSYpvYyHkbjw8zuwUJa2/WW6EbIzHZ9hH4Nqoq5ByNK2uOLm/a
> 4D7PIkPUJuxao5PYTWdB
> =Ael/
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message