error_log & access logs showing redirection errors


Solved by kicken

Hello,

Recently I put my websites up, but since then it constantly records entries from domains which are trying to reach strange paths.

103.19.87.175 - - [18/Jun/2014:12:07:12 -0400] "CONNECT www.walmart.com:443 HTTP/1.1" 405 307 "-" "-"

198.100.98.214 - - [18/Jun/2014:12:07:23 -0400] "CONNECT www.amazon.com:443 HTTP/1.1" 405 306 "-" "-"

168.63.216.55 - - [18/Jun/2014:12:07:30 -0400] "GET http://luongson.servegame.com/ HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"

31.6.71.243 - - [18/Jun/2014:12:07:34 -0400] "GET http://www.proxy-listen.de/azenv.php HTTP/1.1" 404 1402 "http://www.google.de/search?q=www.proxy-listen.de" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) (Prevx 3.0.5)"

168.63.216.55 - - [18/Jun/2014:12:07:39 -0400] "GET http://luongson.servegame.com/ HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"

192.155.106.104 - - [18/Jun/2014:12:07:39 -0400] "GET http://pm.5188bh.com/header53621.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; Windows NT 5.1; FunWebProducts)"

192.155.106.116 - - [18/Jun/2014:12:07:48 -0400] "GET http://121.199.31.193/proxyheader.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; Windows NT 5.1; SV1)"

80.138.67.164 - - [18/Jun/2014:12:08:00 -0400] "GET http://www.proxy-listen.de/azenv.php HTTP/1.1" 404 1402 "http://www.google.com/search?q=related%3Awww.proxy-listen.de" "Opera/9.20 (Windows NT 6.0; U; en)"

192.155.106.109 - - [18/Jun/2014:12:08:03 -0400] "GET http://121.199.31.193/proxyheader.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; Windows NT 5.1; SV1; HbTools 4.7.0)"

98.126.248.250 - - [18/Jun/2014:12:08:06 -0400] "GET http://121.199.31.193/proxyheader.php HTTP/1.1" 404 1402 "-" "Mozilla/5.0 (Windows; U; Win 9x 4.90; de-DE; rv:1.8.1.21) Gecko/20090331 K-Meleon/1.5.3"

61.228.20.235 - - [18/Jun/2014:12:08:07 -0400] "CONNECT mx0.mail2000.com.tw:25 HTTP/1.0" 405 310 "-" "-"

192.155.106.106 - - [18/Jun/2014:12:08:09 -0400] "GET http://pm.5188bh.com/judgelife.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)"

61.228.24.110 - - [18/Jun/2014:12:08:10 -0400] "CONNECT mx2.mail2000.com.tw:25 HTTP/1.0" 405 310 "-" "-"

61.228.88.55 - - [18/Jun/2014:12:08:21 -0400] "CONNECT mx3.mail2000.com.tw:25 HTTP/1.0" 405 310 "-" "-"

192.155.106.124 - - [18/Jun/2014:12:08:24 -0400] "GET http://pm.5188bh.com/judgelife.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Acoo Browser; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; InfoPath.1; .NET CLR 3.5.30729; .NET CLR 3.0.30618)"

204.44.65.54 - - [18/Jun/2014:12:08:35 -0400] "CONNECT www.walmart.com:443 HTTP/1.1" 405 307 "-" "-"

192.155.106.105 - - [18/Jun/2014:12:08:36 -0400] "GET http://pm.5188bh.com/header53621.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Acoo Browser; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; InfoPath.2)"

[Wed Jun 18 12:07:30 2014] [error] [client 168.63.216.55] Directory index forbidden by Options directive: /var/www/html/

[Wed Jun 18 12:07:30 2014] [error] [client 168.63.216.55] File does not exist: /var/www/html/error/noindex.html

[Wed Jun 18 12:07:34 2014] [error] [client 31.6.71.243] script '/var/www/html/azenv.php' not found or unable to stat, referer: http://www.google.de/search?q=www.proxy-listen.de

[Wed Jun 18 12:07:39 2014] [error] [client 168.63.216.55] Directory index forbidden by Options directive: /var/www/html/

[Wed Jun 18 12:07:39 2014] [error] [client 168.63.216.55] File does not exist: /var/www/html/error/noindex.html

[Wed Jun 18 12:07:39 2014] [error] [client 192.155.106.104] script '/var/www/html/header53621.php' not found or unable to stat

[Wed Jun 18 12:07:48 2014] [error] [client 192.155.106.116] script '/var/www/html/proxyheader.php' not found or unable to stat

[Wed Jun 18 12:08:00 2014] [error] [client 80.138.67.164] script '/var/www/html/azenv.php' not found or unable to stat, referer: http://www.google.com/search?q=related%3Awww.proxy-listen.de

[Wed Jun 18 12:08:03 2014] [error] [client 192.155.106.109] script '/var/www/html/proxyheader.php' not found or unable to stat

[Wed Jun 18 12:08:06 2014] [error] [client 98.126.248.250] script '/var/www/html/proxyheader.php' not found or unable to stat

[Wed Jun 18 12:08:09 2014] [error] [client 192.155.106.106] script '/var/www/html/judgelife.php' not found or unable to stat

[Wed Jun 18 12:08:24 2014] [error] [client 192.155.106.124] script '/var/www/html/judgelife.php' not found or unable to stat

[Wed Jun 18 12:08:36 2014] [error] [client 192.155.106.105] script '/var/www/html/header53621.php' not found or unable to stat

Is there a way to stop those failed path requests reaching the logs and only record everything else?

Or even completely stop it?

My operating system is CentOS 32-bit.

They're looking for open proxies.

 

It's normal, and as long as you're not vulnerable it's nothing to worry about. If you want to take the extra step to totally block access you can do

RewriteEngine on
RewriteCond %{REQUEST_URI} ^[^?]*://
RewriteRule ^ - [F,L]
More powerful would be modsecurity, but the default install tends to block some legitimate requests so it may take some fine-tuning.

Okay, I managed to install mod_security and added the RewriteEngine in .htaccess as extra.

But it doesn't seem to work.

error_log

 

 

[Thu Jun 19 11:22:34 2014] [error] [client 173.208.195.108] Directory index forbidden by Options directive: /var/www/html/

[Thu Jun 19 11:22:34 2014] [error] [client 173.208.195.108] File does not exist: /var/www/html/error/noindex.html

[Thu Jun 19 11:22:35 2014] [error] [client 180.183.235.120] Directory index forbidden by Options directive: /var/www/html/, referer: http://www.google.nl/search?q=www.bing.com%20microsoft.com

[Thu Jun 19 11:22:35 2014] [error] [client 180.183.235.120] File does not exist: /var/www/html/error/noindex.html, referer: http://www.google.nl/search?q=www.bing.com%20microsoft.com

[Thu Jun 19 11:22:42 2014] [error] [client 107.150.39.154] File does not exist: /var/www/html/Preview, referer: http://www.turbosquid.com/3d-models/3d-model-horse-anatomy/613232

access_log looks the same...

If it's normal then I think the best option will be to turn off the logging completely, because I waste lots of storage on just storing these logs.

Edited by KubeR
  • Solution

You could possibly get them out of your access log using something like this:

RewriteEngine on
RewriteCond %{REQUEST_URI} ^[^?]*://
RewriteRule ^ - [F,L,E=nolog]


CustomLog logs/access_log common env=!nolog
If you're ok with just disabling logging entirely though then might as well go that route and make things easier. If you'd prefer to keep logging enabled then probably the easiest thing to do would be to just make sure you have log rotation set up and configure that as needed to limit the size of your log files and keep the disk usage in check.
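
An added example, not part of any post in this thread: a Python triage script that separates the open-proxy probes discussed above (CONNECT requests, and requests whose target is a full URL for some other host) from normal traffic in an Apache access log, so you can measure how much of the log they account for before filtering or disabling logging. The sample lines, the `own_hosts` value and all function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache common/combined log: host ident user [time] "request line" status bytes ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>(?:[^"\\]|\\.)*)" \d{3} \S+')
SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")

def classify(request_line, own_hosts=frozenset()):
    """Return (kind, target_host); kind is 'connect', 'absolute-uri' or 'normal'."""
    parts = request_line.split()
    if len(parts) < 2:
        return "normal", None
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":
        # CONNECT carries host:port; a plain web server has no reason to honour it.
        return "connect", target.rsplit(":", 1)[0].lower()
    if SCHEME_RE.match(target):
        try:
            host = (urlsplit(target).hostname or "").lower()
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            host = ""
        # An absolute URI naming one of our own hosts is valid HTTP/1.1, not a probe.
        return ("normal", host) if host in own_hosts else ("absolute-uri", host)
    return "normal", None

def summarize(lines, own_hosts=frozenset()):
    """Count probes per client IP and per (kind, target); return the normal lines."""
    by_ip, by_target, kept = Counter(), Counter(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line (e.g. an error_log entry)
        kind, host = classify(m.group("request"), own_hosts)
        if kind == "normal":
            kept.append(line)
        else:
            by_ip[m.group("ip")] += 1
            by_target[(kind, host)] += 1
    return by_ip, by_target, kept

SAMPLE = [  # constructed lines: documentation IP ranges and example.* hosts
    '203.0.113.5 - - [18/Jun/2014:12:07:12 -0400] "CONNECT shop.example.com:443 HTTP/1.1" 405 307 "-" "-"',
    '203.0.113.5 - - [18/Jun/2014:12:07:23 -0400] "GET http://judge.example.net/azenv.php HTTP/1.1" 404 1402 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [18/Jun/2014:12:07:30 -0400] "GET http://www.mysite.example/index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [18/Jun/2014:12:07:31 -0400] "GET /go?url=http://other.example/ HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(*summarize(SAMPLE, {"www.mysite.example"}), sep="\n")
```

A URL inside the query string (the last sample line) is deliberately left classified as normal, since only the request target itself marks a proxy probe.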