[NBLUG/talk] How to read logwatch & httpd access_log
Dave Sisley
dsisley at sonic.net
Mon Jan 24 06:31:02 PST 2005
First, Thanks to Ron for the comprehensive response. I had to snip
most of it here, but it was very helpful.
And thanks too to Augie for reawakening this thread!
I have some good news, I think:
On Sun, Jan 23, 2005 at 11:09:05PM -0800, Ron Wickersham wrote:
<snip...>
>
> you can see that it has the information expected, with my request, but
> the status code is not 200, it's 405 and only 298 bytes were returned.
>
> it appears that your machine was doing something that made it return an
> OK 200 status code and a big block of data.
>
I copied the telnet command Ron used and tried to connect to my server
at port 80 and then sent a CONNECT line thusly:
CONNECT 1.3.3.7:1337 HTTP/1.0
...and I got the same entry in my access_log that I described in my
original post:
[ip addr of my sonic account] - - [24/Jan/2005:05:57:36 -0800] "CONNECT 1.3.3.7:1337 HTTP/1.0" 200 12545 "-" "-"
The good news is that using Ron's sleuthing method, I learned what the
12545 bytes are that were served up. It's my home page.
I'm assuming that I should configure the server to instead give out a
405 (not 200) on CONNECT requests, and that apache should return an
error page, not my home page.
I'm going to spend some time later this morning on this, and I'll post
what I find. I'm sure it's something simple - I just have to RTFM.
-dave.
--
Dave Sisley
dsisley at sonic.net
roth-sisley.net
More information about the talk
mailing list