Apache Logs DNS Root server IP Addresses only



This issue started happening after upgrading a server from a single
processor to an 8-CPU monster. The Apache logs (both access and error)
contain only ROOT DNS server IP addresses for all virtual and non-virtual
hosts.

e.g.:
168.137.203.9 - - [23/Aug/2007:20:26:14 -0700] "GET {URL} HTTP/1.1" 200 308 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322)"
168.137.203.9 - - [23/Aug/2007:20:26:21 -0700] "GET {URL} HTTP/1.1" 304 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
128.1.0.0 - - [23/Aug/2007:20:26:24 -0700] "GET {URL} HTTP/1.1" 200 5162 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20070321 Netscape/8.1.3"

Three different people all associated with what I believe to be a root
DNS server. Almost 25K people visit the site each day; it isn't
possible for all of them to be originating from 3 IP addresses,
especially considering the sites are geared towards a younger audience
than H&R Block. :-)

The Apache (2.0.59:prefork) conf where the virtualhosts are defined:

NameVirtualHost *:80
<VirtualHost *:80>
    # ServerName resolves to a real IPv4 address
    ServerName tidal.gdofwr.com
    DocumentRoot /www/htdocs/tidal-main/
    # Used without rotatelogs produces the same results
    CustomLog "|/www/apache/sbin/rotatelogs /www/log/tidal-main/access-%Y_%m_%d.log 1990M" combined
    ErrorLog log/tidal-main/error.log
    <Directory /www/htdocs/tidal-main>
        Options -Indexes
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    # ServerName resolves to a real IPv4 address
    ServerName fireball.gdofwr.com
    DocumentRoot /www/htdocs/fireball-main/
    CustomLog "|/www/apache/sbin/rotatelogs /www/log/fireball-main/access-%Y_%m_%d.log 1990M" combined
    ErrorLog log/fireball-main/error.log
    <Directory /www/htdocs/fireball-main>
        Options -Indexes
    </Directory>
</VirtualHost>

Other services running include: bind 9.2.4-24, vsftpd 2.0.1-5, MySQL
5.1, nagios, iptables +apf, sendmail, SVN (compiled with neon),
BerkeleyDB 4.4 and xinetd. The OS is CentOS4 using Kernel version
2.6.9-55.0.2.ELsmp

Bind seemed a likely culprit and I switched from using my own DNS to
using the web provider's DNS, but the problem persisted. The only other
likely issue I can think of might be something to do with a rule with
iptables / forwarding, but after turning off the firewall the problem
still existed.

I've searched through the Apache mailing list archive for a solution /
cause, and then searched through the archives on this group and
several others.

Why is Apache logging root DNS IP addresses instead of logging the
user's incoming IP address? I'm sure it's something dead simple I'm
missing, but if anyone can assist it would be immensely appreciated.

The Apache server is "hand built" from a script (APR 0.9.14):

#! /bin/sh
#
# Created by configure

"./configure" \
"--enable-layout=Blackhole" \
"--disable-ipv6" \
"--enable-ssl" \
"--enable-deflate" \
"--enable-mime-magic" \
"--enable-static-htpasswd" \
"--enable-static-rotatelogs" \
"--enable-static-logresolve" \
"--enable-ext-filter" \
"--enable-rewrite" \
"--enable-dav" \
"--enable-so" \
"--with-apr=/usr/local/apr/bin/apr-config" \
"--with-apr-util=/usr/local/apr/bin/apu-config" \
"--with-berkeley-db=/usr/local/BerkeleyDB.4.4/" \
"--enable-suexec" \
"--with-mpm=prefork" \
"--enable-modules=MOST" \

Thank you.
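
A quick check for the symptom described in this post (different browsers recorded under the same client address), as an added example that is not part of the original post: it parses combined-format lines and reports every address logged with more than one User-Agent. The function names are hypothetical and the sample is the three entries quoted in the post.

```python
import re
from collections import defaultdict

# Apache "combined" format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
# Quoted fields may contain backslash-escaped quotes, hence (?:[^"\\]|\\.)*
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\S+) '
    + QUOTED + ' ' + QUOTED + r'\s*$'
)

# Constructed sample: the three entries quoted in the post, one per line.
SAMPLE = [
    '168.137.203.9 - - [23/Aug/2007:20:26:14 -0700] "GET {URL} HTTP/1.1" 200 308 "-" '
    '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 '
    '(compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322)"',
    '168.137.203.9 - - [23/Aug/2007:20:26:21 -0700] "GET {URL} HTTP/1.1" 304 - "-" '
    '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '128.1.0.0 - - [23/Aug/2007:20:26:24 -0700] "GET {URL} HTTP/1.1" 200 5162 "-" '
    '"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) '
    'Gecko/20070321 Netscape/8.1.3"',
]

def per_host(lines):
    """Return ({address: (hits, set of User-Agents)}, count of unparsed lines)."""
    hits, agents, unparsed = defaultdict(int), defaultdict(set), 0
    for line in lines:
        m = COMBINED.match(line.strip())
        if m is None:
            unparsed += 1          # not combined format; count it, don't guess
            continue
        host, agent = m.group(1), m.group(7)
        hits[host] += 1
        agents[host].add(agent)
    return {h: (hits[h], agents[h]) for h in hits}, unparsed

def shared_addresses(lines, min_agents=2):
    """Addresses logged with at least min_agents distinct User-Agents,
    mapped to (hits, distinct User-Agent count)."""
    stats, _ = per_host(lines)
    return {h: (n, len(ua)) for h, (n, ua) in stats.items() if len(ua) >= min_agents}

if __name__ == "__main__":
    stats, unparsed = per_host(SAMPLE)
    print(f"{len(SAMPLE) - unparsed} parsed, {len(stats)} addresses, {unparsed} unparsed")
    for host, (n, n_agents) in shared_addresses(SAMPLE).items():
        print(f"{host}: {n} hits, {n_agents} distinct User-Agents")
```

Several User-Agents behind one address also occurs legitimately with NAT or a proxy; what matters for this symptom is the ratio of distinct addresses to total hits across a full day's log.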
