Dear all,

    Hi.  This is imacat from Taiwan.

    After upgrading to Apache 2.2, the access_log of my SSL virtual host
is flooded with numerous records like these:

...............
127.0.0.1 - - [19/Mar/2007:15:00:18 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:00:19 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:00:20 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:00:21 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:34:10 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:38:39 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:38:42 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:38:43 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:38:47 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:38:48 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:38:50 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:38:54 +0800] "GET /" 400 663
...............

    I have searched the Apache 2.2 documentation, the Apache Users' list,
the Apache Developers' list and the Apache source files, and
confirmed that it is from modules/ssl/ssl_engine_io.c
ssl_io_filter_error(), as a result of the client making an HTTP request
on an HTTPS port.

    However, I have two questions:

    First, why does it need to do so, making an internal request?
What will happen if it does not do so?  Couldn't it just return an HTTP
400 Bad Request response to the user?

    The second and strangest thing is that nobody is actually
making such an HTTP-on-HTTPS request!  Not only that, this is our internal
server that no one outside can reach.  If I make such an HTTP-on-HTTPS
request, I get the following result:

[EMAIL PROTECTED] ~ % lynx -dump http://172.16.168.195:443/

                                  Bad Request

....
[EMAIL PROTECTED] ~ % tail -n 1 /var/log/apache/ssl/access_log
172.16.168.195 - - [19/Mar/2007:16:54:27 +0800] "GET /" 400 663 "-" "-"
"-" 172.16.168.195 __
[EMAIL PROTECTED] ~ %

    Confirming that it logs my IP.  So the line:

127.0.0.1 - - [19/Mar/2007:15:00:18 +0800] "GET /" 400 663

    must be from 127.0.0.1 localhost.  But there is nothing checking the
host constantly on a wrong port on the host itself.  Even if there is,
it can't possibly be on all my Apache 2.2 hosts!

    Could someone tell me what these internal requests are from?  Where can
I shut them down?

    Thank you very much for your time in advance.

-- 
imacat ^_*'
[EMAIL PROTECTED]
PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt

Tavern IMACAT's http://www.imacat.idv.tw/
Woman's Voice http://www.wov.idv.tw/
TLUG List Manager http://www.linux.org.tw/mailman/listinfo/tlug
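
Added example, not part of the original message: a triage script that groups the pattern quoted above (status 400 with a request line that carries no HTTP version) by client address, so loopback-originated entries can be separated from real clients and timed. The function name and the sample lines are constructed for this example and modelled on the excerpts in the message.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample, in the format of the access_log excerpts above.
SAMPLE_LOG = '''\
127.0.0.1 - - [19/Mar/2007:15:00:18 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:00:19 +0800] "GET /" 400 663
127.0.0.1 - - [19/Mar/2007:15:38:39 +0800] "GET /" 400 663
172.16.168.195 - - [19/Mar/2007:16:54:27 +0800] "GET /" 400 663 "-" "-" "-" 172.16.168.195 __
172.16.168.10 - - [19/Mar/2007:16:55:02 +0800] "GET /index.html HTTP/1.1" 200 1024
'''

# client, ident, user, [time], "request", status, size; trailing fields are ignored.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')
HAS_VERSION = re.compile(r' HTTP/\d\.\d$')


def summarize_versionless_400s(log_text):
    """Group 400 entries whose request line has no HTTP version by client address."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access_log record (blank line, wrapped fragment)
        client, stamp, request, status, _size = m.groups()
        if status != "400" or HAS_VERSION.search(request):
            continue  # only the pattern from the message is of interest
        seen[client].append(datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"))

    report = {}
    for client, times in seen.items():
        times.sort()
        try:
            loopback = ipaddress.ip_address(client).is_loopback
        except ValueError:  # hostname instead of an address in the first field
            loopback = False
        report[client] = {
            "count": len(times),
            "loopback": loopback,
            "first": times[0].isoformat(),
            "last": times[-1].isoformat(),
        }
    return report


if __name__ == "__main__":
    for client, info in summarize_versionless_400s(SAMPLE_LOG).items():
        print(client, info)
```

Run against the real access_log, the first and last timestamps per address can be compared with server restarts or with child-process activity in the error_log.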
