I have mod_jk connector between Apache and Tomcat (on Ubuntu) and I'm looking at the mod_jk.log. The log mainly looks like this:
[Fri Jan 18 18:37:32 2013]ajp13 <some url from my domain> 0.011095
But occasionally I see these entries:
[Fri Jan 18 21:09:58 2013]ajp13 www.bradesco.com.br 0.030327
[Fri Jan 18 21:09:58 2013]ajp13 www.bb.com.br 0.009310
[Fri Jan 18 21:09:58 2013]ajp13 www.santander.com.br 0.011401
[Fri Jan 18 21:09:58 2013]ajp13 www.banese.com.br 0.010602
Does anybody know what urls are logged in mod_jk.log? Are these "br" entry legitimate?
Thanks.
The issue is not specific to mod_jk in any way, it just was initially observed in mod_jk logs.
All Brazilian URLs are coming from Host header property of the GET request. And as suggested in this comment this is a scan for open proxies.
Interesting enough it comes from the same IP address (65.111.177.188) for many months.
To shut this garbage out I added an extra rule to the mod_security conf file on the server:
SecRule &REQUEST_HEADERS:Host "!#pm mydomain" "phase:1,deny"
so that all hosts without mydomain in them are denied right away.
Related
OS: Windows 10
MAMP: 4.1.1
After installation, every time I run the program, Apache light goes green for a second and then turns off automatically. MySQL runs fine though.
The log file located at C:\MAMP\logs\apache_error.log contains these lines.
[Fri Jan 17 18:03:42 2020] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri Jan 17 18:03:43 2020] [warn] pid file C:/MAMP/bin/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Fri Jan 17 18:03:43 2020] [notice] Digest: generating secret for digest authentication ...
[Fri Jan 17 18:03:43 2020] [notice] Digest: done
I find a lot of people online encountered the same situation as mine. But I cannot find out the solution. So I come here to find the potential solution.
P.S. I don't have the common Port 80 confliction problem. So I'm sure my problem is not related to it.
Navigate to C:\MAMP\conf\apache\extra.
Edit the httpd-ssl.conf and comment the following line:
...
SSLSessionCache shmcb:/some/example/path/ssl_scache(512000)
...
To:
...
# SSLSessionCache shmcb:/some/example/path/ssl_scache(512000)
...
Also, check out https://cwiki.apache.org/confluence/display/HTTPD/SSLSessionCache for more info. Hope this helps.
Since a few days, my Apache 2 error log is showing a lot messages like the following (IP addresses and URIs redacted):
[Thu Dec 12 13:46:42 2013] [error] [client 111.222.333.444] 0
[Thu Dec 12 13:52:27 2013] [error] [client 222.333.444.555] 0, referer: http://www.mydomain.com/
[Thu Dec 12 13:52:27 2013] [error] [client 222.333.444.555] 0, referer: http://www.mydomain.com/
[Thu Dec 12 13:53:54 2013] [error] [client 333.444.555.666] 0, referer: http://www.mydomain.com/subdirectory/
[Thu Dec 12 13:46:42 2013] [error] [client 444.555.666.777] 0
[Thu Dec 12 13:54:07 2013] [error] [client aaaa:1111:2222:ffff::] 0, referer: http://www.otherdomain.com/subdirectory/
What is this 0? There are no other messages shown (besides sometimes some other, normal messages, but very rarely).
The IP addresses are both IPv4 and IPv6. I checked the access log for the same date/time and IP addresses. Most of the times, there was an access for the exact same moment from this IP for different URIs on my webpage. But sometimes, there wasn't an access according to the access log.
It's a shared hosting environment, so I can't access the Apache settings (but I have ssh access to my home directory if this helps). I already googled and searched the Apache documentation, but didn't found anything (it's hard to search for "0"...)
/edit: I also asked the webhoster, they said they don't know what it's causing. I cross checked it with the Apache access log, these are requests to PHP scripts (mostly Joomla), but also requests to images as well as JS and CSS files. So I assume it's not a PHP script which is causing this.
If your error_log directive is unset errors will be written in your Apache log file for current VirtualHost.
So double check your PHP configuration (php.ini) or write a simple page with phpinfo()
If this is true, you should look inside your code (may be even into index.php).
Pay attention to this: usually there are two separate php.ini files for Apache /etc/php5/apache2/php.ini and CLI configuration /etc/php5/cli/php.ini.
Please also consider that, if you want change your PHP configuration, you can use ini_set function.
ini_set('error_log', '/var/log/php/error_new.log');
Remember: the destination directory must exist and your web server (or php engine) must have all permission to write into.
error_log format is not customizable, I suspect that it can be set to some higher level: debug or trace, where it can produce additional information.
Also please take into account, that error_log contains debug info from CGI/PHP/Perl scripts, so that 'zero' can be produced by some script that executed through apache as its module.
In apache, the module mod_jk not changes IP of hostname when occurs changing of IP on DNS.
Version of apache:
Server version: Apache/2.2.15 (Unix)
Server built: Aug 2 2013 08:02:15
Version mod_jk: 1.2.37
Example:
workers.properties
worker.portalconsultoras_prd.type=ajp13
worker.portalconsultoras_prd.host=hostexample.com.br
worker.portalconsultoras_prd.port=8009
This configuration works fine.
But, when occurs change ip in the host name in DNS, the module md_jk starts fail to connect. Follow below the log of mod_jk:
[Wed Sep 18 12:00:33 2013] [5315:140659824723936] [info] jk_open_socket::jk_connect.c (627): connect to 107.xx.xx.220:8009 failed (errno=115)
[Wed Sep 18 12:00:33 2013] [5315:140659824723936] [info] ajp_connect_to_endpoint::jk_ajp_common.c (995): Failed opening socket to (107.xx.xxx.220:8009) (errno=115)
[Wed Sep 18 12:00:33 2013] [5315:140659824723936] [error] ajp_send_request::jk_ajp_common.c (1630): (portalconsultoras_prd) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=115)
I would like a configuration of apache that avoid this problem.
Looking for the solutions in google, have turn on the "HostnameLookups", but is inefficient.
Thanks!
We have been running Apache with Tomcat using mod_jk for about a month now with out issues. This morning I have started seeing the error below in the mod_jk log files.
I am fairly new to using mod_jk and am not sure how to increase the number of connections, see the number of active connections and/or kill of connections that are idle or dead.
Any ideas/help would be much appreciated.
[Thu Sep 19 11:02:42 2013] [1644:11984] [warn] ajp_get_endpoint::jk_ajp_common.c (3177): Unable to get the free endpoint for worker Worker1 from 10 slots
[Thu Sep 19 11:02:42 2013] [1644:11984] [error] jk_handler::mod_jk.c (2726): Could not get endpoint for worker=Worker1
[Thu Sep 19 11:02:42 2013] [1644:11984] [info] jk_handler::mod_jk.c (2788): Service error=0 for worker=Worker1
So it turns out this issue was a by product of another configuration issue. We had different Railo contexts configure to point to the same set of shared directories, some of the context's mapped to directories that were within the root context which caused Java thread locks
I am running an Apache on Ubuntu which works pretty fine. However, if I issue 'shutdown -r now' and wait until the server has been booted successfully, the website won't show up in the browser.
Then, if I issue: service apache2 start, it'll show:
[Thu Jun 14 11:08:38 2012] [error] (EAI 2)Name or service not known: Could not resolve host name *.443 -- ignoring!
[Thu Jun 14 11:08:38 2012] [warn] The ScriptAlias directive in /etc/apache2/sites-enabled/default2 at line 18 will probably never match because it overlaps an earlier ScriptAlias.
[Thu Jun 14 11:08:38 2012] [warn] The Alias directive in /etc/apache2/sites-enabled/default2 at line 34 will probably never match because it overlaps an earlier Alias.
[Thu Jun 14 11:08:38 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
(98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
Action 'start' failed.
The Apache error log may have more information.
* Starting web server apache2 FAIL
However, when I issue service apache2 stop, it'll show:
[Thu Jun 14 11:09:34 2012] [error] (EAI 2)Name or service not known: Could not resolve host name *.443 -- ignoring!
[Thu Jun 14 11:09:34 2012] [warn] The ScriptAlias directive in /etc/apache2/sites-enabled/default2 at line 18 will probably never match because it overlaps an earlier ScriptAlias.
[Thu Jun 14 11:09:34 2012] [warn] The Alias directive in /etc/apache2/sites-enabled/default2 at line 34 will probably never match because it overlaps an earlier Alias.
[Thu Jun 14 11:09:34 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
* Stopping web server apache2 OK
However, afterwards netstat -tulpn| grep :80 still shows:
tcp6 0 0 :::80 :::* LISTEN 23561/apache2
Anyways, when I just kill the process shown above, e.g., kill -9 23561, I can successfully startup apache2 with service apache2 start and see my website again in the browser. So, for me it looks like, there is another apache2 running that uses a completely different configuration. Btw, I already assured that I have only one apache2 installation.
Can you help me out with this? Many thanks in advance!!! :-)