I am migrating some applications from Apache 1.3 to 2.2.
We used to run some tests where attacker opens some HTTP connection to our server, and do nothing. Apache 1.3 would log the following 408 code, for example:
126.1.86.85 - - [01/Dec/2010:06:26:19 +0000] "-" 408 - "-" 0
126.1.86.85 - - [01/Dec/2010:06:26:19 +0000] "-" 408 - "-" 0
But with Apache 2.2, nothing is logged to the log file. I run the same test by using netcat to open the connection:
$ nc IP_victim PORT_victim
$ nc 10.42.37.3 80
I would like to have Apache 2.2 log the same 408 code to the log file, so that we would know of attempted DoS attack from the outside. Do I need any more configuration in Apache 2 to enable this?
I have tried some different configurations such as LogLevel = Debug, Timeout 30, RequestReadTimeout header=10 body=30.
Thanks.
I found this in the Apache mailing list https://issues.apache.org/bugzilla/show_bug.cgi?id=39785. Which talks about this. This looks like it was resolved in apache release 2.2.2. This is the relevent check in http://svn.apache.org/viewvc?view=revision&revision=919323. It has a comment stating "Only log a 408 if it is no keepalive timeout."
So check to see if you have a value for KeepAlive set and check to make sure you're at version 2.2.2 or higher.