Tuesday, 27 August 2013

Apache logs full of empty POST /

A customer's site access_log shows tons of empty POST requests on / from
hundreds of different source IPs:
X.X.X.X - - [27/Aug/2013:16:54:23 +0200] "POST / HTTP/1.1" 200 20718 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
The log grows exponentially, without further info (errors and so on),
and increases the overall load of the web server.
Blocking IPs or setting iptables rate limits doesn't solve the problem, because
new IPs start POSTing.
The webapp does not seem to be compromised, and a DoS is not justified (it has
fewer than 100 visits daily).
What would you do here? I fear that trying to filter through mod_security
wouldn't help, since POSTs would always come.
The webapp runs on Apache2 with mod_php, on Ubuntu GNU/Linux.
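
Added example, not part of the original post: since the post reports that the source IPs keep changing, one way to characterise the traffic is by request shape rather than by address. The Python sketch below groups POSTs in Apache combined-format log lines by (path, referer, user-agent) and counts distinct source IPs per group; the `fingerprint_posts` name, the `min_ips` threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" LogFormat:
#   %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def fingerprint_posts(lines, min_ips=3):
    """Group POSTs by (path, referer, user-agent); keep groups seen from >= min_ips IPs."""
    groups = defaultdict(lambda: {"hits": 0, "ips": set()})
    for line in lines:
        m = COMBINED.match(line)
        if not m or m["method"] != "POST":
            continue  # skip unparseable lines and non-POST requests
        g = groups[(m["path"], m["referer"], m["ua"])]
        g["hits"] += 1
        g["ips"].add(m["ip"])
    report = [
        {"path": k[0], "referer": k[1], "ua": k[2],
         "hits": v["hits"], "distinct_ips": len(v["ips"])}
        for k, v in groups.items() if len(v["ips"]) >= min_ips
    ]
    # Widest spread first: many IPs sharing one request shape is the signal.
    return sorted(report, key=lambda r: r["distinct_ips"], reverse=True)

# Constructed sample lines (documentation IP ranges), modelled on the quoted entry.
UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
SAMPLE = [
    f'192.0.2.{i} - - [27/Aug/2013:16:54:{20 + i:02d} +0200] '
    f'"POST / HTTP/1.1" 200 20718 "-" "{UA}"'
    for i in range(1, 6)
] + [
    '198.51.100.7 - - [27/Aug/2013:16:55:01 +0200] "GET / HTTP/1.1" 200 20718 '
    '"-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [27/Aug/2013:16:55:09 +0200] "POST /contact.php HTTP/1.1" '
    '302 - "http://example.com/contact.php" "Mozilla/5.0 (X11; Linux x86_64)"',
    f'192.0.2.3 - - [27/Aug/2013:16:56:00 +0200] "POST / HTTP/1.1" 200 20718 "-" "{UA}"',
]

if __name__ == "__main__":
    for row in fingerprint_posts(SAMPLE):
        print(row)
```

A group with many distinct IPs and a single shared referer and user-agent is a candidate for a rule keyed on those fields instead of on the address.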
