Date:      Fri, 25 Jun 1999 13:56:55 -0500 (CDT)
From:      Igor Roshchin <igor@physics.uiuc.edu>
To:        security@freebsd.org
Subject:   RE: strange host name in apache logs
Message-ID:  <199906251856.NAA19481@alecto.physics.uiuc.edu>


Thanks for all responses.
Let me respond to them at once, and expand on the questions.


> From: "Don Sausa" <don@cyberspace2000.com>
> 
> Looks like a cache server within your network.
> 
> 
> From: Pete Fritchman <petef@netreach.net>
> 
> Do you have a cisco router with web-caching enabled or some cisco product
> with that?
> 
> It looks obvious that you do.
> 
============

We have a cisco router from our ISP, but even if it had web-caching
enabled,
a) it should not be in the game (Nothing should be querying it)

b) if there were some type of firewall built in which would force
all the requests going to the port 80 to go through the cache,
there would be more than just two notes in the logs.
(we have very busy web-servers)

c) In any case, the cisco router has its own ip number, which does not
have this name in the DNS.

> From: Greg <gmo@sirius.com>
> 
> Disable name lookups, find the ip, and see what it resolves to. I had this
> same problem, it seems some isp's and other providers have their DNS
> servers setup incorrectly. I noticed the same problem with apache on my
> box...
> 

d) Shouldn't apache do direct/reverse nslookup and then compare the responses?

There are some reasons why I need the host names rather than ip numbers
in the web-log. So, unless this is a really critical, security-related
problem, I'd rather not disable name lookups.


Igor



> On Fri, 25 Jun 1999, Igor Roshchin wrote:
>
> >
> > Hello!
> >
> > I noticed a couple occasions when the visitor's host name in apache logs
> > looks like:
> > cache.cisco - - [24/May/1999:18:07:17 -0400] "GET /jul98/jul8.html HTTP/1.0" 304 -
> >
> > Any idea about what that might mean ?
> > The server is running 2.1-STABLE, and apache 1.2b10
> > (Yes, I know, it needs to be upgraded, and it will be).
> >
> > I have the host resolving enabled (when writing to the logs) for the httpd.
> >
> > Thanks
> >
> > Igor
> >
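
The forward/reverse comparison asked about in (d), as an added example that is not part of the original message or of Apache's code: a PTR name is written to the log only when a forward lookup of that name returns the client's address. The addresses and lookup tables are constructed (the thread does not give the IP behind the cache.cisco entry), and `log_host` and its verdict strings are hypothetical names.

```python
import ipaddress
import socket

def system_ptr(ip):
    """Reverse (PTR) lookup through the system resolver; None if absent."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward (A/AAAA) lookup through the system resolver."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def log_host(ip, ptr=system_ptr, forward=system_forward):
    """Return (field to write in the log, verdict) for a client address.

    The PTR name is controlled by whoever runs the reverse zone for the
    client's address block, so it is logged only when a forward lookup of
    that name leads back to the same address.
    """
    name = ptr(ip)
    if not name:
        return ip, "no-ptr"
    name = name.rstrip(".").lower()
    client = ipaddress.ip_address(ip)
    confirmed = set()
    for addr in forward(name):
        try:
            confirmed.add(ipaddress.ip_address(addr))
        except ValueError:
            continue  # skip anything that is not a plain address
    if client in confirmed:
        return name, "confirmed"
    return ip, "ptr-unconfirmed:" + name

# Constructed sample data (documentation addresses, not from the thread).
SAMPLE_PTR = {"192.0.2.10": "cache.cisco", "192.0.2.20": "www.example.org."}
SAMPLE_A = {"www.example.org": {"192.0.2.20"}}

def sample_forward(name):
    return SAMPLE_A.get(name, set())

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, log_host(ip, ptr=SAMPLE_PTR.get, forward=sample_forward))
```

Apache 1.3 and later offer this check as `HostnameLookups Double`; with it, an unconfirmed name such as the one above is logged as the bare IP address.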



