Koozali.org: home of the SME Server

client sent HTTP/1.1 request without hostname (see RFC261

Offline jameswilson

  • ****
  • 739
  • +0/-0
    • Security Warehouse, trade security equipment
client sent HTTP/1.1 request without hostname (see RFC261
« on: March 18, 2021, 07:38:36 PM »
This is the log entry [client 66.249.93.211] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)

Im seeing fail2ban bans on what appears to be google. From googling myself it appears its caused when using an _ in a domain name. Im not doing this so. Id like to get to the bottom of it as fail2ban is banning the IP and if it is a spider that wont do my ranking anygood?

James

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: client sent HTTP/1.1 request without hostname (see RFC261
« Reply #1 on: March 18, 2021, 08:32:49 PM »
This is the log entry [client 66.249.93.211] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)

Im seeing fail2ban bans on what appears to be google. From googling myself it appears its caused when using an _ in a domain name. Im not doing this so. Id like to get to the bottom of it as fail2ban is banning the IP and if it is a spider that wont do my ranking anygood?

You can whitelist IPs but better to get to the bottom of it all.

You are going to have to give us a bit more info on your setup though.

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline jameswilson

  • ****
  • 739
  • +0/-0
    • Security Warehouse, trade security equipment
Re: client sent HTTP/1.1 request without hostname (see RFC261
« Reply #2 on: March 19, 2021, 01:43:56 PM »
Ive tried whitelisting via the server manager but it appears that doesnt work? I havnt tried using the command line.

setup wise. I have 5 domains on this server non have an _ in them.
I see i can set apache to an 'unsafe' option but the word itself causes me concern im sure it will cause other issues if enabled.

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: client sent HTTP/1.1 request without hostname (see RFC261
« Reply #3 on: March 19, 2021, 02:18:33 PM »
Quote
You are going to have to give us a bit more info on your setup though.

So some proper logs. And why you think this is bad.

Have you looked up the IP?

dig -x 66.249.93.211
211.93.249.66.in-addr.arpa. 43200 IN   PTR   google-proxy-66-249-93-211.google.com.

I suspect someone is using a Google Proxy to disguise attempts to use your server. It quite possibly it isn't Google itself. Again, check your logs and look at what a Google spider connection looks like. Have a look at what a Google proxy does.

You need to show some proper logs on the connection attempts. Just wildly guessing at stuff won't get it fixed.

You need to be organised & methodical.

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation