Re: [users@httpd] Questionable URL being sent to our server

2022-11-01 Thread Darryl Philip Baker
BTW after the host portion of the URL everything is bogus. They are trying variations on the URL, all bogus and only some with the encoding error. Most are just generating 404 errors but when one caused a 400 error, which is very rare for my site, that got my attention. There is not even a valid

Re: [users@httpd] Questionable URL being sent to our server

2022-11-01 Thread Daniel Ferradal
rthwestern University > > 4th Floor > > 2020 Ridge Avenue > > Evanston, IL 60208-0801 > > darryl.ba...@northwestern.edu > > (847) 467-6674 > > > > From: Frank Gingras > Reply-To: Apache httpd Users > Date: Tuesday, November 1, 2022 at 12:11 PM > To

Re: [users@httpd] Questionable URL being sent to our server

2022-11-01 Thread Darryl Philip Baker
ply-To: Apache httpd Users Date: Tuesday, November 1, 2022 at 12:11 PM To: Apache httpd Users Subject: Re: [users@httpd] Questionable URL being sent to our server I would not attribute this to a "DoS", as you can't really DoS httpd with a single request. It looks like plain URL en

Re: [users@httpd] Questionable URL being sent to our server

2022-11-01 Thread Eric Covener
On Tue, Nov 1, 2022 at 10:26 AM Darryl Philip Baker wrote: > > We are getting a poorly formed URL being requested from our servers. Apache > is returning a 400 error but I am wondering if someone is try to exploit an > issue with some version of some web server out there. Maybe a Dos attack or

Re: [users@httpd] Questionable URL being sent to our server

2022-11-01 Thread Frank Gingras
darryl.ba...@northwestern.edu * > > (847) 467-6674 <+18474676674> > > > > *From: *Frank Gingras > *Reply-To: *Apache httpd Users > *Date: *Tuesday, November 1, 2022 at 9:32 AM > *To: *Apache httpd Users > *Subject: *Re: [users@httpd] Questionable URL being sent t

Re: [users@httpd] Questionable URL being sent to our server

2022-11-01 Thread Darryl Philip Baker
ply-To: Apache httpd Users Date: Tuesday, November 1, 2022 at 9:32 AM To: Apache httpd Users Subject: Re: [users@httpd] Questionable URL being sent to our server What is the HTTP method you see in the logs? Either way, they may trying to use your server as an open proxy, and failing to do so.

Re: [users@httpd] Questionable URL being sent to our server

2022-11-01 Thread Frank Gingras
What is the HTTP method you see in the logs? Either way, they may trying to use your server as an open proxy, and failing to do so. On Tue, 1 Nov 2022 at 10:27, Darryl Philip Baker < darryl.ba...@northwestern.edu> wrote: > We are getting a poorly formed URL being requested from our servers. > A

[users@httpd] Questionable URL being sent to our server

2022-11-01 Thread Darryl Philip Baker
We are getting a poorly formed URL being requested from our servers. Apache is returning a 400 error but I am wondering if someone is try to exploit an issue with some version of some web server out there. Maybe a Dos attack or worse. Anyone have a clue what is being attempted? Sketchy URL: ht