Mark,

On 7/9/13 8:16 AM, Mark Thomas wrote:
> On 09/07/2013 12:54, Howard W. Smith, Jr. wrote:
>> On Tue, Jul 9, 2013 at 2:18 AM, Caldarale, Charles R <chuck.caldar...@unisys.com> wrote:
>>
>>>> From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com]
>>>> Subject: Re: How to handle "CONNECT ... HTTP 1.1" 400 in localhost_access_log
>>>
>>>> why would the same IP address be hitting my server when 400
>>>> is the response?
>>>
>>>> and they will continue attempting these "CONNECT..." requests
>>>> until they get a 404 or what?
>>>
>>> Because they're trying to break in. Any response indicates
>>> there's something to poke around in.
>>>
>>>> The 'HTTP "Forbidden" error' returned by RemoteAddrValve
>>>> would seem to fuel future/continual attempts as well as
>>>> error 400. right?
>>>
>>> True, which is why it's best just to have a firewall or the
>>> TCP/IP stack completely ignore the traffic, and not send
>>> anything back. By the time the request gets to Tomcat, the TCP
>>> connection is established, so the antagonist knows there's
>>> something there.
>>>
>>
>> Done. Thanks. Will continue to monitor logs, occasionally, to see
>> if my changes, made at the firewall level, block the IP
>> addresses that are repeat offenders.
>> :)
>
> fail2ban is your friend

+1

-chris
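
Added example (not part of the original thread, and not fail2ban's own code): a fail2ban-style check that counts CONNECT requests answered with 400 per client IP inside a time window, which is the "repeat offender" monitoring discussed above. The log lines are constructed, and the log format (Tomcat's common access log pattern), the threshold and the window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed format: Tomcat AccessLogValve "common" pattern, %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Constructed sample lines (documentation-range IPs, placeholder CONNECT target).
SAMPLE_LOG = """\
203.0.113.7 - - [09/Jul/2013:02:11:05 -0400] "CONNECT example.invalid:443 HTTP/1.1" 400 -
203.0.113.7 - - [09/Jul/2013:02:11:40 -0400] "CONNECT example.invalid:443 HTTP/1.1" 400 -
198.51.100.20 - - [09/Jul/2013:02:12:01 -0400] "GET /index.jsf HTTP/1.1" 200 5120
203.0.113.7 - - [09/Jul/2013:02:14:12 -0400] "CONNECT example.invalid:443 HTTP/1.1" 400 -
198.51.100.99 - - [09/Jul/2013:02:15:00 -0400] "CONNECT example.invalid:443 HTTP/1.1" 400 -
198.51.100.99 - - [09/Jul/2013:03:30:00 -0400] "CONNECT example.invalid:443 HTTP/1.1" 400 -
198.51.100.99 - - [09/Jul/2013:04:45:00 -0400] "CONNECT example.invalid:443 HTTP/1.1" 400 -
""".splitlines()

def repeat_offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Map each IP with >= max_retry CONNECT/400 hits inside find_time
    to the timestamp at which it crossed the threshold."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "CONNECT" or m["status"] != "400":
            continue
        try:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue              # unparseable timestamp: skip the line
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # drop hits that aged out of the window
        if len(window) >= max_retry and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in repeat_offenders(SAMPLE_LOG).items():
        print(f"{ip} crossed the threshold at {when.isoformat()}")
```

The flagged addresses are candidates for the firewall-level drop described in the thread; an address that retries only once an hour stays below the default window and needs a longer find_time to show up.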