detect loop redirection?
- Thread starter anewday
- Start date
I got the same error today. A visitor or bot from Shanghai on 61.152.244.44 came probing against the direct IP of the server, searching for vulnerable code, using a user agent that was blocked by a LSWS server rule.
This is from the access log:
This is from the error log:
In the code above, you will also note that I have set a custom page for 403 errors, which redirects them to use the same page as 404 errors.
Is this 'detect loop redirection' anything to worry about? It seems that somehow an error has been generated, but I can't understand why. The LSWS is still running fine.
I think the 'manager/html' page they were looking for relates to several potential vulnerabilities in a variety of web applications.
This is from the access log:
Code:
61.152.244.44 - - [19/Jul/2008:11:20:42 ] "GET /manager/html HTTP/1.1" 403 381 "-" "Mozilla/3.0 (compatible; Indy Library)"
Code:
2008-07-19 11:20:42.160 [NOTICE] [61.152.244.44:1513-0#Example] [client 61.152.244.44] mod_security: Access denied with code 403, [Rule: 'HEADER_USER_AGENT' 'Indy Library']
[Msg: Badbot blocked]
2008-07-19 11:20:42.179 [NOTICE] [61.152.244.44:1513-0#Example] Content len: 0, Request line:
GET /manager/html HTTP/1.1
2008-07-19 11:20:42.179 [NOTICE] [61.152.244.44:1513-0#Example] Redirect: #1, URL: /error404.html
2008-07-19 11:20:42.179 [ERROR] [61.152.244.44:1513-0#Example] detect loop redirection.Is this 'detect loop redirection' anything to worry about? It seems that somehow an error has been generated, but I can't understand why. The LSWS is still running fine.
I think the 'manager/html' page they were looking for relates to several potential vulnerabilities in a variety of web applications.
Last edited:
And again:
I know it isn't a fatal error, so I am not worried about it, but it keeps coming up. 
Code:
2008-07-24 02:40:45.357 [NOTICE] [218.58.226.13:4455-0#Example] [client 218.58.226.13] mod_security: Access denied with code 403, [Rule: 'HEADER_USER_AGENT' 'Indy Library']
[Msg: Badbot blocked]
2008-07-24 02:40:45.378 [NOTICE] [218.58.226.13:4455-0#Example] Content len: 0, Request line:
GET /manager/html HTTP/1.1
2008-07-24 02:40:45.378 [NOTICE] [218.58.226.13:4455-0#Example] Redirect: #1, URL: /error404.html
2008-07-24 02:40:45.378 [ERROR] [218.58.226.13:4455-0#Example] detect loop redirection.
Last edited:
The /error404.html page is a custom static page that I have all my 404 and 403 etc errors point to, with the idea that by pointing all error codes to one standard response page I will give [unsophisticated] attackers minimal information about how the server responds to various types of problems.
Perhaps the issue may be that when LSWS is asked to deal with a 403 response, it's default behaviour is to respond with zero bytes of nothing, and also not log its response (as discussed previously in this forum).
And yet the security rule here is telling LSWS to explicitly record the error as a 403, and other server settings are also telling LSWS to serve up a custom page when it is asked to process a 403.
Maybe that causes some issues for the internal logic of the LSWS code.
Perhaps the issue may be that when LSWS is asked to deal with a 403 response, it's default behaviour is to respond with zero bytes of nothing, and also not log its response (as discussed previously in this forum).
And yet the security rule here is telling LSWS to explicitly record the error as a 403, and other server settings are also telling LSWS to serve up a custom page when it is asked to process a 403.
Maybe that causes some issues for the internal logic of the LSWS code.
All server errors except 401 were being pointed to a custom static file called error404.html, which does exist as an actual file in the server default root.
What I've done instead is modify the BadBot blocking security rule to just deliver a 404 response if it gets a match, and not deliver a 403 response.
If that doesn't work, I'll try your suggestion next.
What I've done instead is modify the BadBot blocking security rule to just deliver a 404 response if it gets a match, and not deliver a 403 response.
If that doesn't work, I'll try your suggestion next.