On Sun, Aug 25, 2024 at 6:18 AM Steinar Bang <s...@dod.no> wrote:
>
> >>>>> Steinar Bang <s...@dod.no>:
>
> One piece of weirdness in the access.log.
>
> These two IP address requests for "/" returns 200.
>
> > 162.216.149.127 - - [23/Aug/2024:00:51:03 +0000] "<server's IPv4 address>"
> > "GET / HTTP/1.1" 200 467 "-" "Expanse, a Palo Alto Networks company,
> > searches across the global IPv4 space multipleer day to identify
> > customers' presences on the Internet. If you would like to be excluded
> > from our scans, please send IP addresses/domains to:
> > scani...@paloaltonetworks.com"
> ...
> > 185.242.226.70 - - [23/Aug/2024:01:55:09 +0000] "<server's IPv4 address>"
> > "GET / HTTP/1.1" 200 467 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)
> > AppleWebKit/537.36 (KHTML, like Gecko) Chrom324.190 Safari/537.36"
>
> While this one gets the expected 444:
>
> > 199.45.154.128 - - [23/Aug/2024:02:18:44 +0000] "<server's IPv4 address>"
> > "GET / HTTP/1.1" 444 0 "-" "-"
>
> What's the difference between these two I wonder?
>
> Do I have more than one default config? (I think reloading the config
> would have failed then?
>
> The one that returns 444 has nothing in the server column, is that
> significant?
The first two which succeed have a user agent string ("Expanse..." and
"Mozilla/5.0..."). The third one which fails lacks the user agent
string ("-").
I'm not sure if that makes the difference in the behavior you are observing.
You may be able to test it with cURL or Wget. Here's how to fiddle
with the user agent with cURL:
<https://everything.curl.dev/http/modify/user-agent.html>; and Wget:
<https://www.gnu.org/software/wget/manual/wget.html#user_agent>.
Jeff
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
