Recently seeing a bunch of 400s
Neil Sheth
nsheth at gmail.com
Wed Dec 3 08:37:46 MSK 2008
The majority of requests seem to be getting through - looking at the
log files for the past 2 days, looks like I'm seeing about 20k of
these 400 entries a day. For some of those IP addresses, some of the
requests "get through" but others return the 400. I checked the
access logs on my backend apache servers, and it doesn't look like
these requests ever get there. We are serving our images directly
from nginx, but it's difficult to see what request is causing this
error.
On Tue, Dec 2, 2008 at 9:30 PM, Neil Sheth <nsheth at gmail.com> wrote:
> They are saying they see a http 400 error page. I don't see anything
> of interest in the error log.
>
> On Tue, Dec 2, 2008 at 9:22 PM, Dave Cheney <dave at cheney.net> wrote:
>>
>> What is their complaint ?
>>
>> What does your error.log say ?
>>
>> Cheers
>>
>> Dave
>>
>> On Tue, 2 Dec 2008 20:49:10 -0800, Neil Sheth <nsheth at gmail.com> wrote:
>>> We're seeing a complaint from a user, pretty sure they aren't up to
>>> anything nefarious!
>>>
>>> On Tue, Dec 2, 2008 at 8:41 PM, Dave Cheney <dave at cheney.net> wrote:
>>>>
>>>> They are most likely bots probing port 80 on your server, then closing
>>>> the
>>>> connection without sending a request.
>>>>
>>>> Whois and host suggest that those are home ip's on cable modems. You
>>>> could
>>>> try running P0f or tcpdumping the traffic to see what they are doing.
>>>>
>>>> Cheers
>>>>
>>>> Dave
>>>>
>>>>
>>>> On Tue, 2 Dec 2008 20:25:01 -0800, Neil Sheth <nsheth at gmail.com> wrote:
>>>>> Hello,
>>>>>
>>>>> I'm seeing a bunch of entries like the following in my nginx access
>> log:
>>>>>
>>>>> 88.147.21.24 - - [02/Dec/2008:04:16:43 -0600] "-" 400 0 "-" "-"
>>>>> 72.14.204.136 - - [02/Dec/2008:04:16:43 -0600] "-" 400 0 "-" "-"
>>>>> 88.147.21.24 - - [02/Dec/2008:04:16:46 -0600] "-" 400 0 "-" "-"
>>>>> 88.147.21.24 - - [02/Dec/2008:04:16:48 -0600] "-" 400 0 "-" "-"
>>>>> 88.147.21.24 - - [02/Dec/2008:04:16:51 -0600] "-" 400 0 "-" "-"
>>>>> 72.39.110.147 - - [02/Dec/2008:04:16:53 -0600] "-" 400 0 "-" "-"
>>>>> 88.147.21.24 - - [02/Dec/2008:04:16:54 -0600] "-" 400 0 "-" "-"
>>>>> 67.165.72.106 - - [02/Dec/2008:04:16:56 -0600] "-" 400 0 "-" "-"
>>>>> 88.147.21.24 - - [02/Dec/2008:04:16:57 -0600] "-" 400 0 "-" "-"
>>>>> 82.37.232.219 - - [02/Dec/2008:04:17:00 -0600] "-" 400 0 "-" "-"
>>>>> 220.255.7.179 - - [02/Dec/2008:04:17:39 -0600] "-" 400 0 "-" "-"
>>>>> 220.255.7.218 - - [02/Dec/2008:04:17:39 -0600] "-" 400 0 "-" "-"
>>>>> 72.21.243.194 - - [02/Dec/2008:04:17:41 -0600] "-" 400 0 "-" "-"
>>>>> 220.255.7.141 - - [02/Dec/2008:04:17:41 -0600] "-" 400 0 "-" "-"
>>>>> 220.255.7.162 - - [02/Dec/2008:04:17:42 -0600] "-" 400 0 "-" "-"
>>>>> 220.255.7.184 - - [02/Dec/2008:04:17:42 -0600] "-" 400 0 "-" "-"
>>>>>
>>>>> and so on . . .
>>>>>
>>>>> I'm running 0.6.32. A bit of a loss as to where to start looking -
>>>>> any suggestions?
>>>>>
>>>>> Thanks!
>>>>
>>>>
>>
>>
>
More information about the nginx
mailing list