Chris, On Mon, Jul 8, 2013 at 11:50 PM, Christopher Schultz < ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Howard, > > On 7/8/13 3:45 PM, Howard W. Smith, Jr. wrote: > > On Mon, Jul 8, 2013 at 3:40 PM, Caldarale, Charles R < > > chuck.caldar...@unisys.com> wrote: > > > >>> From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com] > >>> Subject: How to handle "CONNECT ... HTTP 1.1" 400 in > >>> localhost_access_log > >> > >>> 183.60.48.25 - - [08/Jul/2013:15:15:26 -0400] "CONNECT > >>> tcpconn2.tencent.com:443 HTTP/1.1" 400 - > >> > >>> Any advise on how to handle these requests (if necessary) > >>> and/or information about these type of 'CONNECT ...' requests > >>> would be appreciated. Thanks. > >> > >> It's from somewhere in China (who'da thunk it?); you can always > >> black list it with the RemoteAddrValve, but it will likely pop up > >> from somewhere else. > >> > > > > You beat me to the punch, Chuck. I thought about you when I just > > searched the IP database[1] for the IP address, and was about to > > reply again with this info, but thanks, I definitely need to > > blacklist that IP address. > > > > [1] https://ipdb.at/ip/183.60.48.25 > > Feel free to just drop the whole IP block with iptables or at a firewall > closer to the edge of your network. Interesting. sounds like a good idea, thanks. That is, of course, unless you need to serve clients in China. > definitely have no need, desire, or requirement to serve clients in China. :) why would the same IP address be hitting my server when 400 is the response? is that definitely a sign to China that a server (of some sort) is returning error 400? and they will continue attempting these "CONNECT ..." requests until they get a 404 or what? The 'HTTP "Forbidden" error' returned by RemoteAddrValve would seem to fuel future/continual attempts as well as error 400. right? > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.17 (Darwin) > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJR24h9AAoJEBzwKT+lPKRYGO4QAJVD94MNoQ3XqQ8poGA2AwfV > 8E2e1XW6gPzmqAlpPv4hlwYGNWFhe7zCyixjJG2zXpC2H+g2uU4dxEpB+fQzAdLZ > QqjIhLXkY+lcGJisacvvIW9bLxJxVHaRPgZ7nPiYYkomXB7xdeoG/XHdbyjzACIx > niMAAYhd9hvI3K8ti8wgFmPnabMaOCVs4U9tOJa4M0GWBjlgMR32RCwB0dVBb9cw > uzaXjySXqXaXXxsAIG1EbRTraVVOmaJQZHa6RK0rfG3jKdXoTJhLlcdfeQXAR/AY > 3fZeMgP2JAB2ko0h2g6XdIEvW/EPJzT/wlEoLZJ7L3iWpT/7C9VfelmAgmNnxtam > zPNATFRIwkrPZ0qC/Z4d7Hgogpc4G5V1rB/jJjMi3JhLQM2oUQsf2U8zprZi1MHt > uDAflKl4wmnge5joQAWhp2m6+U1y4Cv47yT46hRu7A51PHBoruOUrogTTuy3HZk0 > qeHFZ1OkGJdfJCocWixpJnXvLSezfTZcDs7BYGYrwXkVRgc7GTY8RcLPgv7Z/C/u > sBqEk3unmnGMaNSt6V8yVls287OUKT2Q1yYyP8iDOHgMXtolQIoh87xOEOKAagol > DgST7p0M0xbFgLZSYpvYyHkbjw8zuwUJa2/WW6EbIzHZ9hH4Nqoq5ByNK2uOLm/a > 4D7PIkPUJuxao5PYTWdB > =Ael/ > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
