An unrelated issue brought me to looking at my Apache 2 access log one morning and much to my chagrin I noticed a 5 second ping with my local host address. Awesome. Did I have something running locally to hit my Apache HTTP server or was some joker being a d-ck?
127.0.0.1 - - [19/Jun/2014:12:13:58 -0400] "POST / HTTP/1.1" 200 77881
127.0.0.1 - - [19/Jun/2014:12:14:03 -0400] "POST / HTTP/1.1" 200 77881
127.0.0.1 - - [19/Jun/2014:12:14:08 -0400] "POST / HTTP/1.1" 200 77881
127.0.0.1 - - [19/Jun/2014:12:14:13 -0400] "POST / HTTP/1.1" 200 77880
Dropping my network connection stopped the access log entries so it looks like there is some bot pinging with no ident or user name.
Anyone have a tool to diagnose what's coming in?
Looks like Amazon Cloud is the culprit. Not sure why they need to ping my Apache server, but will research this even further with them.
Changed my Apache Log format to combined:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
#LogFormat "%h %l %u %t \"%r\" %>s %b" common
#CustomLog "/private/var/log/apache2/access_log" common
CustomLog "/private/var/log/apache2/access_log" combined
To get better output:
127.0.0.1 - - [19/Jun/2014:12:15:06 -0400] "POST / HTTP/1.1" 200 77881 "-" "Amazon%20Cloud%20Drive/20131119 CFNetwork/673.4 Darwin/13.2.0 (x86_64) (MacBookAir4%2C2)"
127.0.0.1 - - [19/Jun/2014:12:15:36 -0400] "POST / HTTP/1.1" 200 77881 "-" "Amazon%20Cloud%20Drive/20131119 CFNetwork/673.4 Darwin/13.2.0 (x86_64) (MacBookAir4%2C2)"
Recycled the Amazon Cloud Drive service and that looks like whatever process that was hanging around pinging the server dropped off. Curious this did not happen on the countless times I rebooted the machine in the last few days...
Related
According to this post I used proposed regex \"?\$\{(?:jndi|lower|upper|env|sys|java|date|::-j)[^\s]*\" to find jndi-signatures are used in useragent field of web-requests once by Lucene it doesn't work? please see the screenshot below:
Example: [27/Feb/2022:07:26:09 +0000] xxxx.xx.xx.xxx "-" "GET /xampp/cgi.cgi HTTP/1.1" 403 "-b" 0b 2ms "${jndi:ldap://log4shell-generic-W767eV31Ltd9L3OB6vXK${lower:ten}.w.nessus.org/nessus}" xxx.xx.xx.xxx 15638 "xxx.xxx.xx.xxx" "-" - - TLSv1.2 -,-,- It doesn't work with(out) caution marks even I checked /.*n/ based on this source.
I'm trying to get Sinatra up and running with Ruby with some beginner tutorials. Sinatra works fine on '/' requests, but any extension to that seems to break it and returns the error message 'Sinatra doesn’t know this ditty.' It doesn't seem to matter what I put after the '/xxx', it all fails.
Here's my code, config.ru:
require 'sinatra'
get '/' do
"Root"
end
get "/hello" do
"hello"
end
Here's what the server is saying:
127.0.0.1 - - [14/Oct/2014 20:20:53] "GET / HTTP/1.1" 200 10 0.0016
127.0.0.1 - - [14/Oct/2014 20:20:57] "GET /hello HTTP/1.1" 404 442 0.0010
127.0.0.1 - - [14/Oct/2014 20:20:57] "GET /__sinatra__/404.png HTTP/1.1" 304 - 0.0017
Thanks for any help!
A wild guess that your request url might have a trailing slash.
Sinatra treats URLs with/without trailing slashes differently unless you append “/?” to the end of your route like so:
get "/hello/?" do
'hello'
end
The route specified above will match both “/hello and “/hello/”.
I have a site made in Drupal, I finally was forced to set up virtual hosts for XAMPP, given that I am managing multiple local versions. I followed the seemingly straightforward help guides for OSX, however, ONLY the fornt page works, WITH populated data. ANY RESTFUL link however gets a 404.
/Applications/XAMPP/xamppfiles/etc/extra/httpd-vhosts.conf:
<VirtualHost p1>
ServerName p1
DocumentRoot /Users/path/to/p1
</VirtualHost>
<VirtualHost p2>
ServerAdmin email#p2.org
ServerName p2
DocumentRoot /Users/path/to/p2
RewriteEngine On
RewriteOptions inherit
</VirtualHost>
httpd.conf in both /Applications/XAMPP/xampp/etc and /etc/apache2 are uncommented:
# Virtual hosts
Include /Applications/XAMPP/etc/extra/httpd-vhosts.conf
hosts file in /etc/ :
127.0.0.1 p1
127.0.0.1 p2
within the /Users/path/to/p2 the .htaccess file is:
#
# Apache/PHP/Drupal settings:
#
# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$">
Order allow,deny
</FilesMatch>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Follow symbolic links in this directory.
Options +FollowSymLinks
# Make Drupal handle any 404 errors.
ErrorDocument 404 /index.php
# Set the default handler.
DirectoryIndex index.php index.html index.htm
# Override PHP settings that cannot be changed at runtime. See
# sites/default/default.settings.php and drupal_environment_initialize() in
# includes/bootstrap.inc for settings that can be changed at runtime.
# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
php_flag magic_quotes_gpc off
php_flag magic_quotes_sybase off
php_flag register_globals off
php_flag session.auto_start off
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_flag mbstring.encoding_translation off
</IfModule>
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive On
# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600
<FilesMatch \.php$>
# Do not allow PHP scripts to be cached unless they explicitly send cache
# headers themselves. Otherwise all scripts would have to overwrite the
# headers set by mod_expires if they want another caching behavior. This may
# fail if an error occurs early in the bootstrap process, and it may cause
# problems if a non-Drupal PHP file is installed in a subdirectory.
ExpiresActive Off
</FilesMatch>
</IfModule>
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
# Block access to "hidden" directories whose names begin with a period. This
# includes directories used by version control systems such as Subversion or
# Git to store control files. Files whose names begin with a period, as well
# as the control files used by CVS, are protected by the FilesMatch directive
# above.
#
# NOTE: This only works when mod_rewrite is loaded. Without mod_rewrite, it is
# not possible to block access to entire directories from .htaccess, because
# <DirectoryMatch> is not allowed here.
#
# If you do not have mod_rewrite installed, you should remove these
# directories from your webroot or otherwise protect them from being
# downloaded.
RewriteRule "(^|/)\." - [F]
# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
#
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/... will be redirected to http://www.example.com/...)
# uncomment the following:
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment the following:
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteRule ^ http://%1%{REQUEST_URI} [L,R=301]
# Modify the RewriteBase if you are using Drupal in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly.
# For example if your site is at http://example.com/drupal uncomment and
# modify the following line:
# RewriteBase /drupal
#
# If your site is running in a VirtualDocumentRoot at http://example.com/,
# uncomment the following line:
# RewriteBase /
# Pass all requests not referring directly to files in the filesystem to
# index.php. Clean URLs are handled in drupal_environment_initialize().
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
# Rules to correctly serve gzip compressed CSS and JS files.
# Requires both mod_rewrite and mod_headers to be enabled.
<IfModule mod_headers.c>
# Serve gzip compressed CSS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
<FilesMatch "(\.js\.gz|\.css\.gz)$">
# Serve correct encoding type.
Header set Content-Encoding gzip
# Force proxies to cache gzipped & non-gzipped css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
</IfModule>
These are the same settings I originally uploaded to the server and the same ones on the server currently. I even pulled them off the server again to make sure they are duplicates.
What am I missing? I can not access the urls directly either. Somehow the routing isn't getting done properly is my best guess.
Upon accessing the homepage, the access_log is:
127.0.0.1 - - [14/Dec/2012:04:53:25 -0500] "GET / HTTP/1.1" 200 13838
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /modules/system/system.base.css?menhjd HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /modules/system/system.menus.css?menhjd HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /modules/comment/comment.css?menhjd HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /sites/all/modules/date/date_api/date.css?menhjd HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /modules/system/system.messages.css?menhjd HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /modules/system/system.theme.css?menhjd HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /sites/all/modules/date/date_popup/themes/datepicker.1.7.css?menhjd HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /sites/all/modules/date/date_repeat_field/date_repeat_field.css?menhjd HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /modules/node/node.css?menhjd HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /modules/field/theme/field.css?menhjd HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /modules/search/search.css?menhjd HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /modules/user/user.css?menhjd HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /sites/all/modules/views/css/views.css?menhjd HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /sites/all/modules/ctools/css/ctools.css?menhjd HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /themes/bartik/css/layout.css?menhjd HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /themes/bartik/css/style.css?menhjd HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /themes/bartik/css/colors.css?menhjd HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /themes/bartik/css/print.css?menhjd HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /misc/jquery.once.js?v=1.2 HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /misc/jquery.js?v=1.4.4 HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /misc/drupal.js?menhjd HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /themes/bartik/logo.png HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /themes/bartik/images/buttons.png HTTP/1.1" 304 -
127.0.0.1 - - [14/Dec/2012:04:53:26 -0500] "GET /misc/feed.png HTTP/1.1" 304 -
and then clicking on a link:
the error_log is:
[Fri Dec 14 04:55:45 2012] [error] [client 127.0.0.1] File does not exist: /Users/path/to/p1/projects, referer: http://p1
WHY IS THE SERVER LOOKING FOR A FOLDER, when it should be looking to the database based on the RESTFUL URL?
and the access_log is:
127.0.0.1 - - [14/Dec/2012:04:55:45 -0500] "GET /projects HTTP/1.1" 404 1204
also, the .ht.sqlite permissions are user (read and write), staff (read only) and everyone (read and write
EVEN if the db file wasn't accessible, that would then also preclude the homepage from displaying the current data in the file.....
The httpd-vhosts.conf needs to be updated to include the directory as well.
According to this site:
Lock the site down
You can lock your development site down and prevent outsiders from accessing it on your server by adding the right configurations. Something like the following will prevent outside access to this virtual host:
<VirtualHost *:80>
ServerName p2
DocumentRoot "/Users/path/to/site"
<Directory "/Users/path/to/site">
Options Includes FollowSymLinks
AllowOverride All
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
</VirtualHost>
OR 2. Allow outside access
Of course, you may want to be able to access the site from somewhere other than your development machine so you could use something like:
<VirtualHost *:80>
ServerName p2
DocumentRoot "/Users/path/to/site"
<Directory "/Users/path/to/site">
Options Includes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Edit the Httpd-vhosts.conf file in xampp > apache > conf > extra
Restart apache.
Go to your website/wp-admin and log in. Go to settings > permalinks, and click save on your permalinks. If you have your .htaccess file in version control, you will notice it will have edited some values.
This will allow you to fix your issue like it did for me
get '/test' do
session[:my_session_id] = generate_random_id()
puts 'begin haml debug'
haml :"static/haml_page", :locals=>{:session_id => session[:my_session_id]}
end
I see in a log that a page above is constantly called twice:
begin haml debug
127.0.0.1 - - [02/Nov/2012 00:00:01] "GET / HTTP/1.1" 200 4317 1.5421
127.0.0.1 - - [02/Nov/2012 00:00:01] "GET /js/base/jquery.pjax.002902.js HTTP/1.1" 304 - 0.0234
[2012-11-02 00:00:01] WARN Could not determine content-length of response body. Set content-length of the response or set Response#chunked = true
127.0.0.1 - - [02/Nov/2012 00:00:01] "GET /css/docs.002902.css HTTP/1.1" 200 165 0.1086
.................................
begin haml debug
127.0.0.1 - - [02/Nov/2012 00:00:04] "GET / HTTP/1.1" 200 4317 1.9288
It makes me have some issues. Why is this happening?
I've moved to Puma server insted of Webrick because of similar issues.
Unfortunately I've lost example code with this problem.
In any case, if you have such problems please learn what brouser does:
Developers tool > Network (tab) will show exact sourse of request if it exists
Try to narrow this issue/bug by reducing code i.e. comment all JavaScripts, change page contents to 'Hello Wold' and observe is problem still happens
Share your code:)
Sorry for posting here, I don't know how to post this as addition to your qestion.
This is a hack, but if you really need to get it to only run the code once:
Create a global boolean variable. in the route, wrap everything in a conditional on the boolean. if false, set it true, run your code, and set it false again.
Want to test what's going on under the hood of http, so I did something like this:
socket = TCPSocket.open('localhost',4567)
request = "GET / HTTP/1.1\r\nHost:localhost\r\n\r\n"
socket.print request
But sinatra give me an error:
[2012-08-01 14:04:11] ERROR bad Request-Line `'.
ec2-184-169-164-27.us-west-1.compute.amazonaws.com - - [01/Aug/2012:14:04:11 UTC] "" 400 313
- ->
Any idea?
This might depend on web server, some web servers require some headers (I have had the same problem and solvedit by adding Accept header), and also some firewalls require User-Agent, so try this one:
socket.puts "GET / HTTP/1.1\r\n"
socket.puts "Host: localhost\r\n"
socket.puts "Accept: text/html,*/*\r\n"
socket.puts "User-Agent: Mozilla/4.0 (Windows; MSIE 6.0; Windows NT 6.0)\r\n"
socket.puts "Connection: close\r\n"
socket.puts "\r\n"
also note about space after : (it is rare) but a web server might require that!
also using puts might be better than print. (in my opinion!)