They are mostly using GET but there were a couple of HEAD requests. The requests are coming from cloud accounts on Google and Amazon. They are using several variations of the URL most get 404 errors, which is responded with by a custom 404 page, this is the only one that is getting a 400 error.
Darryl Baker, GSEC, GCLD (he/him/his) Sr. System Administrator Distributed Application Platform Services Northwestern University 4th Floor 2020 Ridge Avenue Evanston, IL 60208-0801 [email protected]<mailto:[email protected]> (847) 467-6674<tel:+18474676674> From: Frank Gingras <[email protected]> Reply-To: Apache httpd Users <[email protected]> Date: Tuesday, November 1, 2022 at 9:32 AM To: Apache httpd Users <[email protected]> Subject: Re: [users@httpd] Questionable URL being sent to our server What is the HTTP method you see in the logs? Either way, they may trying to use your server as an open proxy, and failing to do so. On Tue, 1 Nov 2022 at 10:27, Darryl Philip Baker <[email protected]<mailto:[email protected]>> wrote: We are getting a poorly formed URL being requested from our servers. Apache is returning a 400 error but I am wondering if someone is try to exploit an issue with some version of some web server out there. Maybe a Dos attack or worse. Anyone have a clue what is being attempted? Sketchy URL: https://www.northwestern.edu/accounting-scrvices/Annual%252ORepothtm Darryl Baker, GSEC, GCLD (he/him/his) Sr. System Administrator Distributed Application Platform Services Northwestern University 4th Floor 2020 Ridge Avenue Evanston, IL 60208-0801 [email protected]<mailto:[email protected]> (847) 467-6674<tel:+18474676674>
