httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felix Rubio Dalmau <felixrubiodal...@gmail.com>
Subject [users@httpd] SSL access without the certificates?
Date Thu, 14 Feb 2013 07:52:59 GMT
Hi all,

	I have set up an apache server to be used privately by my family, and I 
have secured it by using SSL certificates (high grade ciphers, the client 
certificate is required), mod-evasive is enabled, etc. The question is: with this 
setup, how is possible that I get this entries in the log files?

[IP ADD] - - [07/Feb/2013:03:28:21 +0100] "GET /" 400 458 "-" "-"
[IP ADD] - - [09/Feb/2013:13:46:29 +0100] "-" 408 2919 "-" "-"
[IP ADD] - - [11/Feb/2013:17:07:21 +0100] "-" 408 3684 "-" "-"

I do not understand why the request in entries 2 and 3 has not been logged by 
the apache, but it is even worse that a client without the certificate has been 
able to do a "GET /". If that IP did not have the certificate this request should 
have been just ignored, right?

Does anyone know what can be happening here?

Regards!

-- 
Felix Rubio Dalmau

Mime
View raw message