|
|
03-31-2008, 10:59 PM
|
|
Senior Member
|
|
Join Date: Nov 2007
Location: New York
Posts: 723
|
|
detect loop redirection?
Code:
ERROR [66.x.x.x:60600-0#APVH_forum.mywebsites.com] detect loop redirection
I saw this on the log for my forum, what does it mean? |
04-01-2008, 09:48 AM
|
|
LiteSpeed Staff
|
|
Join Date: May 2003
Location: New Jersey
Posts: 7,585
|
|
|
that means that somehow LSWS received a internal redirection request the same URL.
You can check your access log for URL causing this problem.
|
04-01-2008, 11:41 AM
|
|
Senior Member
|
|
Join Date: Nov 2007
Location: New York
Posts: 723
|
|
|
error_log file only shows that same line, I know the url causiing it but doesn't give any clues why it's doing that. There are only 3 instances in the log, all from today and it's coming from a google IP.
|
07-19-2008, 04:13 AM
|
|
Senior Member
|
|
Join Date: Aug 2007
Posts: 94
|
|
I got the same error today. A visitor or bot from Shanghai on 61.152.244.44 came probing against the direct IP of the server, searching for vulnerable code, using a user agent that was blocked by a LSWS server rule.
This is from the access log:
Code:
61.152.244.44 - - [19/Jul/2008:11:20:42 ] "GET /manager/html HTTP/1.1" 403 381 "-" "Mozilla/3.0 (compatible; Indy Library)"
This is from the error log:
Code:
2008-07-19 11:20:42.160 [NOTICE] [61.152.244.44:1513-0#Example] [client 61.152.244.44] mod_security: Access denied with code 403, [Rule: 'HEADER_USER_AGENT' 'Indy Library']
[Msg: Badbot blocked]
2008-07-19 11:20:42.179 [NOTICE] [61.152.244.44:1513-0#Example] Content len: 0, Request line:
GET /manager/html HTTP/1.1
2008-07-19 11:20:42.179 [NOTICE] [61.152.244.44:1513-0#Example] Redirect: #1, URL: /error404.html
2008-07-19 11:20:42.179 [ERROR] [61.152.244.44:1513-0#Example] detect loop redirection.
In the code above, you will also note that I have set a custom page for 403 errors, which redirects them to use the same page as 404 errors.
Is this 'detect loop redirection' anything to worry about? It seems that somehow an error has been generated, but I can't understand why. The LSWS is still running fine.
I think the 'manager/html' page they were looking for relates to several potential vulnerabilities in a variety of web applications.
Last edited by brrr; 07-19-2008 at 04:17 AM..
|
07-19-2008, 04:21 PM
|
|
LiteSpeed Staff
|
|
Join Date: May 2003
Location: New Jersey
Posts: 7,585
|
|
|
No worry unless something broken.
|
07-24-2008, 04:43 PM
|
|
Senior Member
|
|
Join Date: Aug 2007
Posts: 94
|
|
And again:
Code:
2008-07-24 02:40:45.357 [NOTICE] [218.58.226.13:4455-0#Example] [client 218.58.226.13] mod_security: Access denied with code 403, [Rule: 'HEADER_USER_AGENT' 'Indy Library']
[Msg: Badbot blocked]
2008-07-24 02:40:45.378 [NOTICE] [218.58.226.13:4455-0#Example] Content len: 0, Request line:
GET /manager/html HTTP/1.1
2008-07-24 02:40:45.378 [NOTICE] [218.58.226.13:4455-0#Example] Redirect: #1, URL: /error404.html
2008-07-24 02:40:45.378 [ERROR] [218.58.226.13:4455-0#Example] detect loop redirection.
I know it isn't a fatal error, so I am not worried about it, but it keeps coming up. 
Last edited by brrr; 07-24-2008 at 04:46 PM..
|
07-24-2008, 08:31 PM
|
|
LiteSpeed Staff
|
|
Join Date: May 2003
Location: New Jersey
Posts: 7,585
|
|
|
Maybe add a /error403.html page will fix this.
|
07-25-2008, 06:05 AM
|
|
Senior Member
|
|
Join Date: Aug 2007
Posts: 94
|
|
|
The /error404.html page is a custom static page that I have all my 404 and 403 etc errors point to, with the idea that by pointing all error codes to one standard response page I will give [unsophisticated] attackers minimal information about how the server responds to various types of problems.
Perhaps the issue may be that when LSWS is asked to deal with a 403 response, it's default behaviour is to respond with zero bytes of nothing, and also not log its response (as discussed previously in this forum).
And yet the security rule here is telling LSWS to explicitly record the error as a 403, and other server settings are also telling LSWS to serve up a custom page when it is asked to process a 403.
Maybe that causes some issues for the internal logic of the LSWS code.
|
07-27-2008, 05:33 PM
|
|
LiteSpeed Staff
|
|
Join Date: May 2003
Location: New Jersey
Posts: 7,585
|
|
|
It is because the request has been redirect to /error404.html twice.
Does /error404.html exist?
Maybe create a /error403.html exactly same as the 404 page, and set 403 error page to that one.
|
07-29-2008, 01:17 AM
|
|
Senior Member
|
|
Join Date: Aug 2007
Posts: 94
|
|
Quote:
Originally Posted by mistwang
It is because the request has been redirect to /error404.html twice.
Does /error404.html exist?
|
All server errors except 401 were being pointed to a custom static file called error404.html, which does exist as an actual file in the server default root.
Quote:
|
Maybe create a /error403.html exactly same as the 404 page, and set 403 error page to that one.
|
What I've done instead is modify the BadBot blocking security rule to just deliver a 404 response if it gets a match, and not deliver a 403 response.
If that doesn't work, I'll try your suggestion next. |
| Thread Tools |
|
|
| Display Modes |
 Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -7. The time now is 01:56 PM.
|
|
