Hi Eliot, It’s difficult to tell which requests are sent to BaseX. Maybe you can use a networking monitoring tool such as Wireshark to get more hints?
Best, Christian On Sun, Feb 25, 2024 at 11:59 PM Eliot Kimber <eliot.kim...@servicenow.com> wrote: > I have an application (our Mirabel system) running on a server inside our > firewall (so not visible to the open Internet). > > > > I’ve recently started seeing messages like this in the log: > > Access denied: ����. > > Access denied: PRI * HTTP/2.0 SM . > > > > Where the value reported can be quite varied, but is often unrenderable > characters or other stuff. (In this case the characters are all \uFFFD). > > The log messages all report the same IP address. > > > > This server does not use named users, so there’s no authentication > required to access it. > > > > The IP address is not one of my own servers, so I don’t think it’s > something generated by my own code. > > > > Any idea what this might be? It’s started relatively recently, which makes > me think it might be some sort of penetration test. > > > > Cheers, > > > > E. > > _____________________________________________ > > *Eliot Kimber* > > Sr Staff Content Engineer > > O: 512 554 9368 > > M: 512 554 9368 > > servicenow.com <https://www.servicenow.com> > > LinkedIn <https://www.linkedin.com/company/servicenow> | Twitter > <https://twitter.com/servicenow> | YouTube > <https://www.youtube.com/user/servicenowinc> | Facebook > <https://www.facebook.com/servicenow> >