[plug] web server questions

James Devenish devenish at guild.uwa.edu.au
Sat Sep 20 10:33:41 WST 2003


In message <sf6c28e2.069 at mmtnetworks.com.au>
on Sat, Sep 20, 2003 at 10:15:55AM +0800, Jon  Miller wrote:
> while viewing the logs (/var/log/httpd/access.log) and seeing a lot MS
> hoax e-mails being deleted by MailMonitor I'm wondering is it possible
> to block certain sites from accessing the web server.

I'm confused: you are receiving lots of hoax e-mails. Okay. What on
earth does this have to do with your web server?

> Unlike mail servers where one can setup blacklist/blackholes/rbl list
> is there such a service for web servers?

Absolutely. There are many ways of doing this. For example:

 - packet and connection filters (e.g. ipchains, tcpwrappers)
 - web server configuration (consult documentation for your web server)

Apache has directives such as Allow and Deny. It is possible to make it
much more sophisticated than that, though.

> I've noticed the following:
> 
> /var/log/httpd/error.log
> [Sat Sep 20 10:01:12 2003] [error] [client 61.139.60.84] File does not exist: /var/www/html/tmpad/banner/itrack.asp
> [Sat Sep 20 10:01:13 2003] [error] [client 61.139.60.84] File does not exist: /var/www/html/a.htm
> [Sat Sep 20 10:01:22 2003] [error] [client 210.83.18.98] File does not exist: /var/www/html/search.php
> [Sat Sep 20 10:01:35 2003] [error] [client 61.139.60.84] File does not exist: /var/www/html/Affiliate/SB/search1.js

So what? Does this bother you in some way? Could you elaborate?

> /var/log/httpd/access.log
> 221.pool0.dsltokyo.att.ne.jp - - [20/Sep/2003:10:08:26 +0800] "GET / HTTP/1.1" 200 9515
> public2-runc2-5-cust118.manc.broadband.ntl.com - - [20/Sep/2003:10:08:26 +0800] "GET / HTTP/1.1" 200 9515
[...]
> These may or may not be legit entries, is there a way to tell other than bringing those site up.

Huh? What do you mean "legit entires"? They are log entries of pages
served by your web server, correct? So...they are simply a record of
what was happening. From the information that you've presented so far,
it looks like two remote users accessed a home page that is served by
your web server. What is the problem with that? Many websites have
hundred of thousands or millions of accesses to their home pages every
day. The two remote hosts are probably user machines...what do you mean
"bringing those sites up"?


_______________________________________________
plug mailing list
plug at plug.linux.org.au
http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug


More information about the plug mailing list