On Tue, Jul 9, 2013 at 2:18 AM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote:
> > From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com] > > Subject: Re: How to handle "CONNECT ... HTTP 1.1" 400 in > localhost_access_log > > > why would the same IP address be hitting my server when 400 is the > > response? > > > and they will continue attempting these "CONNECT..." requests until > > they get a 404 or what? > > Because they're trying to break in. Any response indicates there's > something to poke around in. > > > The 'HTTP "Forbidden" error' returned by RemoteAddrValve would seem to > fuel > > future/continual attempts as well as error 400. right? > > True, which is why it's best just to have a firewall or the TCP/IP stack > completely ignore the traffic, and not send anything back. By the time the > request gets to Tomcat, the TCP connection is established, so the > antagonist knows there's something there. > Done. Thanks. Will continue to monitor logs, occasionally, to see if my changes, made at the firewall level, blocks the IP addresses that are repeat offenders. :) > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete the e-mail and > its attachments from all computers. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
