What does this mean?

LawsHosting

LawsHosting

Verified User
Joined
Sep 13, 2008
Messages
2,426
Location
London UK
in /var/log/httpd/access_log, I get every 5 seconds this:
127.0.0.1 - - [23/Apr/2010:09:36:39 +0100] "OPTIONS * HTTP/1.0" 200 -
Click to expand...
What is this? Never seen it before on any of my servers.

I tried this in httpd.conf but it doesn't want to know:

SetEnvIf Remote_Addr "127\.0\.0\.1" nolog
CustomLog /var/log/httpd/access_log common env=!nolog

TIA


To add: I know this isn't a threat, just wanted to know if I can block it from logging?
 
Last edited:
Peter Laws said:
in /var/log/httpd/access_log, I get every 5 seconds this:

What is this? Never seen it before on any of my servers.

I tried this in httpd.conf but it doesn't want to know:

SetEnvIf Remote_Addr "127\.0\.0\.1" nolog
CustomLog /var/log/httpd/access_log common env=!nolog

TIA


To add: I know this isn't a threat, just wanted to know if I can block it from logging?
Click to expand...

I'm not sure - but have you got any cron's running as localhost that are calling httpd?

BTW "OPTIONS" is a non-standard request (section 9.2 in the link below explains):

http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html

Do you have IPv6 running in Apache?
 
Last edited:
From Apache Wiki calls it an InternalDummyConnection..........

Funny thing is, their suggestion of blocking it from logging, doesn't seem to work!

And FYI, I'm only using IPv4 in Apache
 
Not sure what I did, I edited a few configs, retarted apache, and currently it has stopped......

Disclaimer: I don't recommend to randomly edit configs, this is a new server and has only 3 sites on it atm, so no much damage can be done.......
 
Ok its back ...... hmmmm
10-0 - 0/0/581 . 0.00 5319 0 0.0 0.00 1.14 127.0.0.1 server3.laws-hosting.co.uk OPTIONS * HTTP/1.0
Click to expand...
Beats me as to why its just this server

Cant be ClamAV as I disabled the mod_clamd ?


Edit, ok, could it be SNMPD?
 
Last edited:
I'm sure its not using IPv6, wouldn't it show the IPv6 version of 127.0.0.1 in the log and status page?

The server is a 8 core one (Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz , 8 cores).... My other servers are dual core..... not sure if Apache deals with more cores differently?

FWIW, it only happens with the default virtualhost (local ip), not with the main sites.. I'm just wondering if something is pinging 127.0.0.1 internally, and as to what, beats me, I cant see any dubious processes running:

18838 root 0.5 % /usr/share/webmin/proc/index_cpu.cgi
1 root 0.0 % init [2]
1135 dovecot 0.0 % pop3-login
1184 dovecot 0.0 % pop3-login
1880 root 0.0 % udevd --daemon
4765 root 0.0 % spamd child
7630 bind 0.0 % /usr/sbin/named -u bind
7661 root 0.0 % /usr/local/directadmin/da-popb4smtp
7665 nobody 0.0 % /usr/local/directadmin/directadmin d
7679 mail 0.0 % /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
7720 root 0.0 % /usr/bin/spamd -d -c -m 15
7733 root 0.0 % /bin/sh /usr/local/mysql/bin/mysqld_safe --user=mysql --datadir=/usr/local/mysql ...
7737 dovecot 0.0 % pop3-login
7917 mysql 0.0 % /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysq ...
8044 root 0.0 % /sbin/mdadm --monitor --pid-file /var/run/mdadm/monitor.pid --daemonise --scan - ...
8068 root 0.0 % /usr/sbin/cron
8122 root 0.0 % /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
8124 root 0.0 % /sbin/getty 38400 tty1
8125 root 0.0 % /sbin/getty 38400 tty2
8126 root 0.0 % /sbin/getty 38400 tty3
8127 root 0.0 % /sbin/getty 38400 tty4
8128 root 0.0 % /sbin/getty 38400 tty5
8129 root 0.0 % /sbin/getty 38400 tty6
8162 root 0.0 % /usr/sbin/dovecot
8164 root 0.0 % dovecot-auth
8258 dovecot 0.0 % imap-login
8259 dovecot 0.0 % imap-login
8260 dovecot 0.0 % imap-login
8261 dovecot 0.0 % imap-login
8262 dovecot 0.0 % imap-login
8263 dovecot 0.0 % imap-login
8264 dovecot 0.0 % imap-login
8265 dovecot 0.0 % imap-login
8266 dovecot 0.0 % imap-login
8267 dovecot 0.0 % imap-login
8268 dovecot 0.0 % imap-login
8269 dovecot 0.0 % imap-login
8270 dovecot 0.0 % imap-login
8271 dovecot 0.0 % imap-login
8272 dovecot 0.0 % imap-login
8273 dovecot 0.0 % imap-login
13737 dovecot 0.0 % pop3-login
13970 dovecot 0.0 % pop3-login
14273 dovecot 0.0 % pop3-login
14941 dovecot 0.0 % pop3-login
15623 dovecot 0.0 % pop3-login
16508 apache 0.0 % /usr/sbin/httpd -k start -DSSL
16526 nobody 0.0 % /usr/local/directadmin/directadmin d
16529 nobody 0.0 % /usr/local/directadmin/directadmin d
16587 nobody 0.0 % /usr/local/directadmin/directadmin d
16591 nobody 0.0 % /usr/local/directadmin/directadmin d
16592 nobody 0.0 % /usr/local/directadmin/directadmin d
16898 dovecot 0.0 % pop3-login
17001 root 0.0 % spamd child
17329 dovecot 0.0 % pop3-login
17618 dovecot 0.0 % pop3-login
17805 apache 0.0 % /usr/sbin/httpd -k start -DSSL
17806 dovecot 0.0 % pop3-login
18089 root 0.0 % /usr/sbin/rsyslogd -c3
18675 root 0.0 % /usr/sbin/sshd
18839 root 0.0 % /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
18840 root 0.0 % /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
18841 root 0.0 % /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
18842 root 0.0 % /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
18843 dovecot 0.0 % pop3-login
18848 root 0.0 % sh -c ps --cols 2048 -eo user:80,ruser:80,group:80,rgroup:80,pid,ppid,pgid,pcpu, ...
18849 root 0.0 % ps --cols 2048 -eo user:80,ruser:80,group:80,rgroup:80,pid,ppid,pgid,pcpu,vsz,ni ...
19096 dovecot 0.0 % pop3-login
19616 root 0.0 % /usr/sbin/httpd -k start -DSSL
19618 apache 0.0 % /usr/sbin/httpd -k start -DSSL
19619 apache 0.0 % /usr/sbin/httpd -k start -DSSL
19621 apache 0.0 % /usr/sbin/httpd -k start -DSSL
19624 apache 0.0 % /usr/sbin/httpd -k start -DSSL
19626 apache 0.0 % /usr/sbin/httpd -k start -DSSL
20913 apache 0.0 % /usr/sbin/httpd -k start -DSSL
20914 apache 0.0 % /usr/sbin/httpd -k start -DSSL
24481 ftp 0.0 % proftpd: (accepting connections)
28652 apache 0.0 % /usr/sbin/httpd -k start -DSSL
30141 root 0.0 % /usr/local/sbin/clamd
30146 clamav 0.0 % /usr/local/bin/freshclam -d -c 6
30550 dovecot 0.0 % pop3-login
32132 dovecot 0.0 % pop3-login
Click to expand...

Also, its random times too now:
127.0.0.1 - - [27/Apr/2010:15:47:46 +0100] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [27/Apr/2010:15:49:19 +0100] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [27/Apr/2010:15:49:29 +0100] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [27/Apr/2010:17:10:02 +0100] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [27/Apr/2010:17:10:04 +0100] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [27/Apr/2010:17:10:08 +0100] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [27/Apr/2010:19:45:53 +0100] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [27/Apr/2010:19:46:04 +0100] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [27/Apr/2010:19:46:05 +0100] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [27/Apr/2010:19:46:06 +0100] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [27/Apr/2010:22:31:51 +0100] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [28/Apr/2010:00:36:47 +0100] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [28/Apr/2010:00:36:48 +0100] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [28/Apr/2010:03:03:40 +0100] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [28/Apr/2010:03:05:44 +0100] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [28/Apr/2010:03:06:34 +0100] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [28/Apr/2010:09:29:38 +0100] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [28/Apr/2010:09:56:12 +0100] "OPTIONS * HTTP/1.0" 200 -
Click to expand...
and /var/log/messages doesn't give clues either :confused:
 
You must log in or register to reply here.
Back
Top