
Re: Strange output in tail -f /var/log/apache2/access.log



These byte sequences in your logs look like the beginning of SSL version
2 client hello packets, and result from some HTTPS clients connecting to
a port where your web server expects plain HTTP, not HTTPS. Your web
server tries to interpret the start of the SSL handshake as the HTTP
request method.

So you have two problems here:

 1. Someone tries to talk HTTPS to a port on which your web server
    expects HTTP. This may be a misconfiguration of your server (e.g., you
    added a Listen 443 directive, but did not enable HTTPS correctly), or
    just the result of port scans from dumb robots which try HTTPS on
    nonstandard ports. Or this may be caused by a client misconfiguration
    (something like https://example.com:80/ could result in such behavior).

 2. Your server for some reason replies with status code 200 to requests
    with a bogus method. While Apache itself should not handle such unknown
    methods, PHP by default accepts everything and passes the request to the
    script. Together with some rewrite rules which cause requests for
    nonexistent files to be passed to index.php (commonly used to get “clean
    URLs”) and scripts which do not check $_SERVER['REQUEST_METHOD'], this
    could result in the behavior you see here.

And if the clients sending those requests are controlled by you, then
you have a third problem — those clients are using the obsolete and
insecure SSL v2 protocol (they advertise support for SSL version 3.1,
which is actually TLS 1.0, but would accept SSL v2 responses from the
server, so they are vulnerable to a protocol downgrade attack due to
missing integrity protection for the handshake in SSL v2).

http://serverfault.com/questions/476318/apache-access-log-x80w-x01-x03-x01
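
An added example, not part of the original message or the linked answer: a small scanner that un-escapes the request field of Apache access-log lines, recognises a handshake logged as a "method", and reports whether the server answered it with 200 (the second problem described above). It assumes Apache's default log escaping and a common/combined log format; the TLS record-layer check goes beyond the SSL v2 hello discussed above, and all function names and sample lines are constructed.

```python
import re

LINE = re.compile(r'"((?:[^"\\]|\\.)*)" (\d{3})\b')   # request field, status
ESC = re.compile(r'\\x([0-9a-fA-F]{2})|\\(.)')
C_ESC = {"n": "\n", "r": "\r", "t": "\t", "v": "\v", "b": "\b"}

def unescape(field):
    """Undo Apache's access-log escaping of the request field."""
    def rep(m):
        if m.group(1):                       # \xhh -> the original byte
            return chr(int(m.group(1), 16))
        return C_ESC.get(m.group(2), m.group(2))   # C-style or quoted char
    return ESC.sub(rep, field).encode("latin-1", "replace")

def classify(raw):
    """Return a label if the logged 'request line' is really an SSL/TLS hello."""
    # SSL v2 record: 2-byte header with the top bit set, message type 1
    # (client hello), then the highest version offered (major, minor).
    if len(raw) >= 5 and raw[0] & 0x80 and raw[2] == 0x01:
        major, minor = raw[3], raw[4]
        if (major, minor) == (0, 2) or major == 3:
            return f"SSLv2-format ClientHello offering {major}.{minor}"
    # SSL v3 / TLS record: content type 22 (handshake), major version 3.
    if len(raw) >= 3 and raw[0] == 0x16 and raw[1] == 0x03:
        return "TLS record-layer handshake"
    return None

def scan(log_text):
    """Return (line_no, label, answered_200) for each handshake found."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE.search(line)
        label = classify(unescape(m.group(1))) if m else None
        if label:
            hits.append((n, label, m.group(2) == "200"))
    return hits

# Constructed sample lines using documentation addresses, not from the thread.
SAMPLE = r'''192.0.2.10 - - [01/Feb/2013:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.7 - - [01/Feb/2013:10:00:05 +0000] "\x80w\x01\x03\x01" 200 5120
198.51.100.7 - - [01/Feb/2013:10:00:09 +0000] "\x16\x03\x01\x02" 400 226
'''

if __name__ == "__main__":
    for n, label, ok in scan(SAMPLE):
        note = "answered 200, bogus method reached the application" if ok else "rejected"
        print(f"line {n}: {label} ({note})")
```

Hits flagged as answered with 200 point at the rewrite-to-index.php case; the others only show HTTPS clients reaching a plain-HTTP port.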


