07-19-2008, 05:13 AM
I got the same error today. A visitor or bot from Shanghai on 18.104.22.168 came probing against the direct IP of the server, searching for vulnerable code, using a user agent that was blocked by an LSWS server rule.
This is from the access log:
22.214.171.124 - - [19/Jul/2008:11:20:42 ] "GET /manager/html HTTP/1.1" 403 381 "-" "Mozilla/3.0 (compatible; Indy Library)"
This is from the error log:
2008-07-19 11:20:42.160 [NOTICE] [126.96.36.199:1513-0#Example] [client 188.8.131.52] mod_security: Access denied with code 403, [Rule: 'HEADER_USER_AGENT' 'Indy Library']
[Msg: Badbot blocked]
2008-07-19 11:20:42.179 [NOTICE] [184.108.40.206:1513-0#Example] Content len: 0, Request line:
GET /manager/html HTTP/1.1
2008-07-19 11:20:42.179 [NOTICE] [220.127.116.11:1513-0#Example] Redirect: #1, URL: /error404.html
2008-07-19 11:20:42.179 [ERROR] [18.104.22.168:1513-0#Example] detect loop redirection.
In the code above, you will also note that I have set a custom page for 403 errors, which redirects them to use the same page as 404 errors.
Is this 'detect loop redirection' anything to worry about? It seems that somehow an error has been generated, but I can't understand why. The LSWS is still running fine.
I think the 'manager/html' page they were looking for relates to several potential vulnerabilities in a variety of web applications.
Last edited by brrr; 07-19-2008 at 05:17 AM..