Empty/Null Apache request entries in access log
This entry got logged in a Apache access log:
IP ADDRESS - - [00/00/0000:00:00:00 -0000] " " 301 - "-" "-"
It was detected by LogWatch as a null HTTP Response and also got marked as a successful probe..
I am curious about how this request about made and how it is considered a successful probe. Here is what I can decipher with specific questions:
- Their request was " " - what does this mean?
- HTTP return code was 301: this website has a redirect defined in the Apache config - perhaps they were hitting the URL which triggers this redirect?
- They were not using a proper HTTP request
- They got "-" size return back - what does this mean?
It was an empty request.
-
%r
is actually the first line of their request, which means they sent an empty request. In other words, no headers, no body, nothing. It was likely a socket connection to port 80. - The 301 was likely not to the website--remember, they have nothing defined in their request, including the desired file on your web site.
- Exactly.
-
-
means that no data was returned to the client, not to be confused with a size of zero.
In other words, this was probably somebody opening and closing a connection against port 80, without sending or receiving any data.