Operating System - HP-UX

Re: webserver sending outbound http request

 
Manjeet_1
Occasional Contributor

webserver sending outbound http request

My apache webserver is running on hpux 11i with c2 security, bastille and is behind a firewall. The firewall administrator noticed that this server is generating some outbound requests from port 80, at times 10-50 requests per second. These requests are, however, blocked and dropped by the firewall. Some IPs that it tries to connect to are not in access.log.

My apache version is 2.0.43.00.05

What can be the cause of this? Badly written cgi/java script? How can I know what content it is trying to access?

thank you
Learn from other's mistakes - life is too short to make all mistakes yourself !
4 REPLIES
Keith Buck
Respected Contributor

Re: webserver sending outbound http request

Do you have any more information about the packets?

Seems your firewall administrator might have access to some logs.

Another possibility is to use ipfilter (get it from software.hp.com) to track the packets coming into and going out.

Are you sure it's 'from port 80' and not 'to port 80'? The latter may be explained by running a web browser...getting lots of 'page not found' errors if the requests are blocked.

I don't know what the real problem is, but maybe some more information would give some clues.

-Keith
John Bolene
Honored Contributor

Re: webserver sending outbound http request

I would imagine that is input to port 80, not output.

I am still seeing a few code red requests come in on my home cable lan after all these months.

If it really is output, then something is really wrong somewhere. If it were a MS machine running IIS, I would suspect a virus.

Tell your firewall admin to turn on tracing and see what is in those request packets.
It is always a good day when you are launching rockets! http://tripolioklahoma.org, Mostly Missiles http://mostlymissiles.com
Manjeet_1
Occasional Contributor

Re: webserver sending outbound http request

Keith,

I asked my firewall admin; all he has is port information, not content-info. :-( It seems he can't get me any more info.
Yes, I am sure it's outgoing packets from port 80 (as seen in the firewall log). There are hundreds of thousands of incoming connections (as seen in my access log).

John,

I also see some code-red and nimda (inbound) connections in my access log. I was told that apache is not prone to these attacks, but just the day before, I came to know that all apache servers prior to version 2.0.45 have some type of vulnerability (it's not made public yet - so that folks can first patch their web servers!)

HP has not yet released its patched version. I am hoping newer version will help stop these outgoing requests!

BTW, HP's Apache version doesn't correlate to versions on apache.org anymore. Maybe it's embedded somewhere in their readme file.

Do you know of any tool which would help me find 'what outbound requests are being generated by my webserver' (what's the content it's trying to reach)? I know of the nettl utility on HP but I also know it generates 'huge' output!

Or is it possible to 'turn off' requests being generated from port 80 ? Seems unlikely but no harm in asking!

thank you both!
Learn from other's mistakes - life is too short to make all mistakes yourself !
Steven E. Protter
Exalted Contributor

Re: webserver sending outbound http request

Sounds like it's not apache. If it's really outbound, it looks like someone is running a browser. Netscape, lynx perhaps.

Perhaps you have content on your apache webserver that links to outside web sites? A link to oracle trying to download the oracle gif? When the page loads, there are errors, but not necessarily in your log. It's just bad content.

It surely could be a bad cgi script.

I would get the IP address(es) from the firewall admin and do some nslookup on them. Then scan your web content for the website.

For example if the site is metalink.com/ora.gif

find /$APACHE_HOME -exec grep -l 'metalink.com' {} \;
Find the offending doc, and the author and whip the author 20 times with a wet noodle.


SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
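
The steps in the reply above, applied to a whole list of firewall-logged destinations, as an added example that is not part of the thread: for each address it reports whether that address ever appears as a client in access.log and which files under the web tree reference the address or its nslookup name. The file formats, paths, function names and sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Formats and paths are assumptions:
#   $1  destinations file: "IP hostname" per line, hostname copied from
#       nslookup output, or "-" when the address has no name
#   $2  Apache access log with the client address as the first field
#   $3  tree to search (document root, cgi-bin, ...)
triage_destinations() {
    dests=$1; access_log=$2; tree=$3
    while read -r ip host; do
        [ -n "$ip" ] || continue
        # Exact first-field match, so 198.51.100.7 does not also count 198.51.100.70.
        hits=$(awk -v ip="$ip" '$1 == ip { n++ } END { print n + 0 }' "$access_log")
        # -F takes the dots literally; search for the name too when there is one.
        if [ -z "$host" ] || [ "$host" = "-" ]; then
            refs=$(find "$tree" -type f -exec grep -l -F -e "$ip" {} \; |
                   sort | paste -s -d, -)
        else
            refs=$(find "$tree" -type f -exec grep -l -F -e "$ip" -e "$host" {} \; |
                   sort | paste -s -d, -)
        fi
        echo "$ip ${host:--} client_hits=$hits refs=${refs:-none}"
    done < "$dests"
}

# Constructed sample data: documentation address ranges and example names.
demo() {
    d=${TMPDIR:-/tmp}/triage.$$
    mkdir -p "$d/htdocs" || return 1
    printf '%s\n' '198.51.100.7 -' '203.0.113.20 images.example.net' > "$d/dests"
    printf '%s\n' \
        '198.51.100.7 - - [01/Jan/2003:10:00:00 +0000] "GET / HTTP/1.0" 200 512' \
        '198.51.100.70 - - [01/Jan/2003:10:00:01 +0000] "GET / HTTP/1.0" 200 512' \
        > "$d/access.log"
    echo '<img src="http://images.example.net/logo.gif">' > "$d/htdocs/index.html"
    echo '<p>local page</p>' > "$d/htdocs/about.html"
    triage_destinations "$d/dests" "$d/access.log" "$d/htdocs"
    rm -rf "$d"
}
demo
```

An address with client_hits=0 and refs=none is explained by neither the access log nor the site content, which makes it the one to look at first.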