I would not attribute this to a "DoS", as you can't really DoS httpd with a single request. It looks like plain URL encoding.
If those log entries bother you, firewall their IP range(s). On Tue, 1 Nov 2022 at 11:13, Darryl Philip Baker < darryl.ba...@northwestern.edu> wrote: > They are mostly using GET but there were a couple of HEAD requests. The > requests are coming from cloud accounts on Google and Amazon. They are > using several variations of the URL most get 404 errors, which is responded > with by a custom 404 page, this is the only one that is getting a 400 error. > > > > *Darryl Baker, *GSEC, GCLD (he/him/his) > > Sr. System Administrator > > Distributed Application Platform Services > > *Northwestern University* > > 4th Floor > > 2020 Ridge Avenue > > Evanston, IL 60208-0801 > > *darryl.ba...@northwestern.edu <darryl.ba...@northwestern.edu>* > > (847) 467-6674 <+18474676674> > > > > *From: *Frank Gingras <thu...@apache.org> > *Reply-To: *Apache httpd Users <users@httpd.apache.org> > *Date: *Tuesday, November 1, 2022 at 9:32 AM > *To: *Apache httpd Users <users@httpd.apache.org> > *Subject: *Re: [users@httpd] Questionable URL being sent to our server > > > > What is the HTTP method you see in the logs? > > > > Either way, they may trying to use your server as an open proxy, and > failing to do so. > > > > > > On Tue, 1 Nov 2022 at 10:27, Darryl Philip Baker < > darryl.ba...@northwestern.edu> wrote: > > We are getting a poorly formed URL being requested from our servers. > Apache is returning a 400 error but I am wondering if someone is try to > exploit an issue with some version of some web server out there. Maybe a > Dos attack or worse. Anyone have a clue what is being attempted? > > > > Sketchy URL: > https://www.northwestern.edu/accounting-scrvices/Annual%252ORepothtm > > > > *Darryl Baker, *GSEC, GCLD (he/him/his) > > Sr. System Administrator > > Distributed Application Platform Services > > *Northwestern University* > > 4th Floor > > 2020 Ridge Avenue > > Evanston, IL 60208-0801 > > *darryl.ba...@northwestern.edu <darryl.ba...@northwestern.edu>* > > (847) 467-6674 <+18474676674> > >
