tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Howard W. Smith, Jr." <smithh032...@gmail.com>
Subject Re: How to handle "CONNECT ... HTTP 1.1" 400 in localhost_access_log
Date Tue, 09 Jul 2013 11:54:00 GMT
On Tue, Jul 9, 2013 at 2:18 AM, Caldarale, Charles R <
Chuck.Caldarale@unisys.com> wrote:

> > From: Howard W. Smith, Jr. [mailto:smithh032772@gmail.com]
> > Subject: Re: How to handle "CONNECT ... HTTP 1.1" 400 in
> localhost_access_log
>
> > why would the same IP address be hitting my server when 400 is the
> > response?
>
> > and they will continue attempting these "CONNECT..." requests until
> > they get a 404 or what?
>
> Because they're trying to break in.  Any response indicates there's
> something to poke around in.
>
> > The 'HTTP "Forbidden" error' returned by RemoteAddrValve would seem to
> fuel
> > future/continual attempts as well as error 400. right?
>
> True, which is why it's best just to have a firewall or the TCP/IP stack
> completely ignore the traffic, and not send anything back.  By the time the
> request gets to Tomcat, the TCP connection is established, so the
> antagonist knows there's something there.
>

Done. Thanks. Will continue to monitor logs, occasionally, to see if my
changes, made at the firewall level, blocks the IP addresses that are
repeat offenders. :)


>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail and
> its attachments from all computers.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message