Strange connections to Apache from 127.0.0.1

Stephan Paukner :: syslog

Monday, March 5. 2007

Strange connections to Apache from 127.0.0.1

GNU/Linux

I posted my question to comp.os.linux.security and continued the discussion on the Serendipity mailing list. For the sake of documentation and to provide another spot in the net with a solution, I repeat the posting here:

I wondered about strange HTTP connections from 127.0.0.1 appearing in my access.log at irregular times:

CODE:
127.0.0.1 - - [16/Jan/2007:17:25:23 +0100] "GET /" 400 584 "-" "-" 127.0.0.1 - - [16/Jan/2007:17:25:26 +0100] "GET /" 400 584 "-" "-"

What irritated me was that those requests originate locally, are invalid (400 = Bad Request) and have no User-Agent identification string. [...]

I finally found out that this ought to be Apache-2.2’s internal dummy connections. They had the above form as long as my Apache-SSL config looked like

CODE:
NameVirtualHost *:443 <VirtualHost *:443> ... </VirtualHost>

Now, I use the IP instead of the ‘*’ and—lo and behold—the requests transform into

CODE:
127.0.0.1 - - [21/Feb/2007:19:08:52 +0100] "GET / HTTP/1.0" 200   3202 "-" "Apache/2.2.3 (DebianPHP/5.2.0-8 mod_ssl/2.2.3   OpenSSL/0.9.8c (internal dummy connection)"

I didn’t want to spend much time trying to understand what that dummy connections are good for. It seems like Apache2 kills some of its children such that the number of MaxSpareServers isn’t exceeded. And I wasn’t aware that the Apache syntax ‘*:443’ is somehow deprecated.

Posted by Stephan Paukner in GNU/Linux at 15:28 | Comments (0) | Trackbacks (0)
Defined tags for this entry:

Trackbacks
Trackback specific URI for this entry

No Trackbacks


Comments
Display comments as (Linear | Threaded)

No comments


Add Comment
Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

BBCode format allowed

Calendar

Mon Tue Wed Thu Fri Sat Sun
Back February '25 Forward
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28    

Archives

Categories

Show tagged entries

Syndicate This Blog

Follow me

XING LinkedIn QRZ Diigo GitHub
Google Maps contributions YouTube Vimeo Likes Goodreads

Bookmarks

(More)

Powered by