Empty/Null Apache request entries in access log


It was an empty request.

  1. %r is actually the first line of their request, which means they sent an empty request. In other words, no headers, no body, nothing. It was likely a socket connection to port 80.
  2. The 301 was likely not to the website--remember, they have nothing defined in their request, including the desired file on your web site.
  3. Exactly.
  4. - means that no data was returned to the client, not to be confused with a size of zero.

In other words, this was probably somebody opening and closing a connection against port 80, without sending or receiving any data.
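One way to pull entries like this out of an access log for review, as an added example that is not part of the original answer. It assumes the default Apache "combined" LogFormat, runs on constructed sample lines, and also treats the `-` request placeholder as a null request, which is an assumption beyond the single entry shown in the question.

```python
import re

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
COMBINED = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Sep/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Sep/2022:10:00:05 +0000] " " 301 - "-" "-"
203.0.113.7 - - [18/Sep/2022:10:00:09 +0000] "-" 408 - "-" "-"
198.51.100.4 - - [18/Sep/2022:10:01:00 +0000] "HEAD / HTTP/1.1" 200 - "-" "curl/7.85.0"
"""

def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not match."""
    m = COMBINED.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = None if rec["size"] == "-" else int(rec["size"])  # "-" means no body bytes
    return rec

def is_null_request(rec):
    """True when %r holds no request line: empty, whitespace only, or the '-' placeholder."""
    return rec["request"].strip() in ("", "-")

def find_null_requests(log_text):
    """Group null-request entries by client host; keep unparseable lines for manual review."""
    hits, unparsed = {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
        elif is_null_request(rec):
            hits.setdefault(rec["host"], []).append((rec["time"], rec["status"], rec["size"]))
    return hits, unparsed

if __name__ == "__main__":
    hits, unparsed = find_null_requests(SAMPLE_LOG)
    for host, entries in hits.items():
        print(host, len(entries), entries)
    print("unparsed:", len(unparsed))
```

The `HEAD` line also has a `-` size but is not flagged, because the check keys on the request field rather than on the byte count.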


Author: elle

Updated on September 18, 2022

Comments

  • elle
    elle over 1 year

    This entry got logged in an Apache access log:

    IP ADDRESS - - [00/00/0000:00:00:00 -0000] " " 301 - "-" "-"

    It was detected by LogWatch as a null HTTP Response and also got marked as a successful probe.

    I am curious about how this request was made and how it is considered a successful probe. Here is what I can decipher with specific questions:

    1. Their request was " " - what does this mean?
    2. HTTP return code was 301: this website has a redirect defined in the Apache config - perhaps they were hitting the URL which triggers this redirect?
    3. They were not using a proper HTTP request
    4. They got "-" size return back - what does this mean?
  • elle
    elle about 12 years
    I would like to try and reproduce this error - is this entry. Any suggestions/ideas on how it can be done? Perhaps telnet? HTTP 301 throws me off - how and where is this being set??
  • Andrew M.
    Andrew M. about 12 years
    You could probably do this by sending the same data the user sent--that is, ` ` (space, by the looks of it). Although when doing this, you SHOULD receive a 501 error, not a 301--although your server may be configured differently. You can do this by doing something like: `echo " " | nc whatever 80`.
  • Andrew M.
    Andrew M. about 12 years
    One caveat here is that you can't forbid nc (or even ncat) from reading the response, so you WILL get a size for the returned value. You can likely write your own script that forcibly closes the connection after sending, but you'll need to do some footwork yourself.