Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Hi,
S5 book has been working fine on a Drupal 5 installation but I've just started getting large numbers of HTTP requests similar to this:
"GET /book/export/s5/sites/all/modules/s5/ui/circle/sites/all/modules/s5/ui/default/sites/all/modules/s5/ui/default/sites/all/modules/s5/ui/circle/sites/all/modules/s5/ui/default/sites/all/modules/s5/ui/circle/sites/all/modules/s5/ui/default/sites/all/modules/s5/ui/default/sites/all/modules/s5/ui/default/sites/all/modules/s5/ui/default/sites/all/modules/s5/ui/default/sites/all/modules/s5/ui/default/sites/all/modules/s5/ui/default/sites/all/modules/s5/ui/default/sites/all/modules/s5/ui/default/sites/all/modules/s5/ui/default/sites/all/modules/s5/ui/circle/sites/all/modules/s5/ui/default/sites/all/modules/s5/ui/default/sites/all/modules/s5/ui/default/sites/all/modules/s5/ui/circle/sites/all/modules/s5/ui/circle/sites/all/modules/s5/ui/default/sites/all/modules/s5/ui/circle/sites/all/modules/s5/ui/circle/slides.css HTTP/1.1" 200 1333 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
The requests are all from the same IP address and all have an empty referrer field, so I'm suspicious. There are thousands of similar requests with progressively longer paths. Misconfiguration, bug or someone probing for a vulnerability?
Comments
Comment #1
gregglesAfter discussing with some other folks...apparently this is a common problem with some proxy servers. I don't really know what else to say or do on this one, but will leave active in case anyone else has ideas.
Comment #2
davej CreditAttribution: davej commentedThanks for the feedback. The requests were strange in themselves, but also strange I thought was that they got a 200 response code. As a workaround, I put this in httpd.conf:
My first version of this wasn't general enough and only caught some requests, but I think it helped: whereas each successful (200) request was followed by another, longer request, the 404 seemed to stop the cycle. I haven't had any similar requests since I put in the general version of the RedirectMatch, so can't say for sure that it resolves the problem but I'm hopeful. I'll post back if there are further developments.