Stopping GET requests in Apache

Toggle sidebar Toggle sidebar
V

vash

Platinum Member
Feb 13, 2001
2,510
0
0
For the last few weeks, I've seen a significant amount of plain ol 'GET /" requests to my Apache server.

I'm at a loss as to what is causing the significant jump to the site. My site is quite small and if you point a browser to the page, you will download a few images from index.html. Instead, these get requests don't get the main page, all they are looking for is "/".

Anyone know what is floating around that is doing this? What can I do to prevent someone from doing this to my server (Debian, woody, stable)

vash
 

xcript

Diamond Member
Apr 3, 2003
8,258
1
81
Err, "GET /" is a request for the index page.

Edit: Yeah, so maybe I'm not getting what the problem is. Sorry if this is the case.
 
V

vash

Platinum Member
Feb 13, 2001
2,510
0
0
They really aren't getting the / page at all. If you point to our website, you will definitely download a number of images. Also, we would see the refer from either yahoo or google if they came from a search engine.

Anyone else?

vash
 

xcript

Diamond Member
Apr 3, 2003
8,258
1
81
Originally posted by: vash
If you point to our website, you will definitely download a number of images.
Click to expand...

Not necessarily, if it's a robot or e-mail harvester what use would it have for the images?

Probably none, so they wouldn't be requested.

I get seemingly random hits like this in my access_log all the time. Doesn't do any harm.
 
V

vash

Platinum Member
Feb 13, 2001
2,510
0
0
Originally posted by: CTho9305
If you go to http://google.com/, google sees a "GET /". If you go to http://google.com/index.html, google sees a "GET /index.html". As others speculated, it is probably robots hitting you. Log user-agents and referers - you can then see if it bots, and where any other traffic is arriving from.
Click to expand...
Thanks for the response and yes, I am logging user-agents and referers (default I guess in Debians install). Here are a few of the lines in the log file:

ool-18b9a80f.dyn.optonline.net - - [04/Sep/2003:18:28:29 -0700] "GET / HTTP/1.1" 200 3510 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
user-0c8hj8s.cable.mindspring.com - - [04/Sep/2003:18:32:40 -0700] "GET / HTTP/1.1" 200 3510 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
adsl-155-252-151.asm.bellsouth.net - - [04/Sep/2003:18:35:19 -0700] "GET / HTTP/1.1" 200 3510 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
cvg-65-27-232-245.cinci.rr.com - - [04/Sep/2003:18:35:35 -0700] "GET / HTTP/1.1" 200 3510 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"

I'm getting thousands of these per day. If someone comes from yahoo or google, I will see the refer in the log, but with so many like this, I'm not sure what is hitting the site.

vash
 
C

CTho9305

Elite Member
Jul 26, 2000
9,214
1
81
Ok, that just looks like random people hitting the front page for no apparent reason .
 
S

sciencewhiz

Diamond Member
Jun 30, 2000
5,885
8
81
If his front page has several images, he should have get requests for each image. Also, if it was random people, the user agent wouldn't always be the same user-agent.

vash, is it always the same user-agent? What date exactly did it start?
 
V

vash

Platinum Member
Feb 13, 2001
2,510
0
0
Originally posted by: sciencewhiz
If his front page has several images, he should have get requests for each image. Also, if it was random people, the user agent wouldn't always be the same user-agent.

vash, is it always the same user-agent? What date exactly did it start?
Click to expand...
This started a few weeks ago when the net started seeing the SoBig virus. The user agent is consistantly MSIE 5.5/Windows 98 machines, there are very hits that are different in that reguards. Again, if someone were hitting my main page, they would get a series of images, not nothing, as the requests come.

vash
 
S

sciencewhiz

Diamond Member
Jun 30, 2000
5,885
8
81
you could use packet inspecting firewall to block that specific http header based on the user-agent. However, you run the risk of blocking a small amount of legitimate traffic. You could also use mod_rewrite to give a smaller index page perhaps that only links to your main page. This will save you bandwidth, but will probably cost you CPU time.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom
sale-70-410-exam    | Exam-200-125-pdf    | we-sale-70-410-exam    | hot-sale-70-410-exam    | Latest-exam-700-603-Dumps    | Dumps-98-363-exams-date    | Certs-200-125-date    | Dumps-300-075-exams-date    | hot-sale-book-C8010-726-book    | Hot-Sale-200-310-Exam    | Exam-Description-200-310-dumps?    | hot-sale-book-200-125-book    | Latest-Updated-300-209-Exam    | Dumps-210-260-exams-date    | Download-200-125-Exam-PDF    | Exam-Description-300-101-dumps    | Certs-300-101-date    | Hot-Sale-300-075-Exam    | Latest-exam-200-125-Dumps    | Exam-Description-200-125-dumps    | Latest-Updated-300-075-Exam    | hot-sale-book-210-260-book    | Dumps-200-901-exams-date    | Certs-200-901-date    | Latest-exam-1Z0-062-Dumps    | Hot-Sale-1Z0-062-Exam    | Certs-CSSLP-date    | 100%-Pass-70-383-Exams    | Latest-JN0-360-real-exam-questions    | 100%-Pass-4A0-100-Real-Exam-Questions    | Dumps-300-135-exams-date    | Passed-200-105-Tech-Exams    | Latest-Updated-200-310-Exam    | Download-300-070-Exam-PDF    | Hot-Sale-JN0-360-Exam    | 100%-Pass-JN0-360-Exams    | 100%-Pass-JN0-360-Real-Exam-Questions    | Dumps-JN0-360-exams-date    | Exam-Description-1Z0-876-dumps    | Latest-exam-1Z0-876-Dumps    | Dumps-HPE0-Y53-exams-date    | 2017-Latest-HPE0-Y53-Exam    | 100%-Pass-HPE0-Y53-Real-Exam-Questions    | Pass-4A0-100-Exam    | Latest-4A0-100-Questions    | Dumps-98-365-exams-date    | 2017-Latest-98-365-Exam    | 100%-Pass-VCS-254-Exams    | 2017-Latest-VCS-273-Exam    | Dumps-200-355-exams-date    | 2017-Latest-300-320-Exam    | Pass-300-101-Exam    | 100%-Pass-300-115-Exams    |
http://www.portvapes.co.uk/    | http://www.portvapes.co.uk/    |