You are looking at the request log – that doesn’t give us the source.
From: ntop-boun...@unipi.it [mailto:ntop-boun...@unipi.it] On Behalf Of Mel Beckman Sent: Tuesday, December 30, 2008 10:15 AM To: ntop@unipi.it Subject: Re: [Ntop] "**ERROR** URL security" GUI lockouts Can't I just turn on http request logging? Wouldn't that give me a transcript of urls leading to the problem? A clever developer might even think of a way to cache HTML log entries even when disk logging is off, then emitting them along with the offending input. -mel via cell On Dec 30, 2008, at 6:36 AM, "Burton Strauss III" <bur...@ntopsupport.com> wrote: Actually, URL security is working correctly. You sent a bad request and got smacked for it. Why the bad request is the problem… it reads like a missing closing tag, so ntop is seeing some of the generated html as part of the request. You need to figure out which screen it is and then we need to see the failing page… which is tricky because you won’t fail until after it’s gone. You need 3 windows… (1) Before clicking, view source (just leave it open) (2) Click (3) Monitor the log until you see the URL security message. (4) If you don’t get the error, close the source window and return to (1). This way, when it does fail, you can save the source, send it along and tell us what you clicked on. -----Burton From: ntop-boun...@unipi.it [mailto:ntop-boun...@unipi.it] On Behalf Of Mel Beckman Sent: Monday, December 29, 2008 11:07 PM To: ntop@unipi.it Subject: [Ntop] "**ERROR** URL security" GUI lockouts I'm running NTop 3.3.9 on Fedora 10 and encountering a problem I've seen one other person complain about. It looks like a bug to me. NTop appears to collect data and analyze it just fine, but within a few minutes of browsing it I start getting blank screens back instead of HTML. I've tried Firefox and Explorer, and both HTTPS and HTTP, and get the same lockout every time. If I wait about tenmintues, it lets me back it. At the same time the system logs "clearing lockout for addresss xxx.xxx.xxx.xxx". "Here's the log right at the point of failure. Up to this point nothing unusual has been recorded: 29 20:51:50 nprobe1 ntop[4806]: **ERROR** URL security: '/%3CTD%20%20ALIGN=RIGHT%3E8.6%A0Mbit/s%3C/TD%3E%3CTD%20%20ALIGN=RIGHT%3E8.7%A0Mbit/s%3C/TD%3E%3CTD%20%20ALIGN=RIGHT%3E10.7%A0Mbit/s%3C/TD%3E%3CTD%20%20ALIGN=RIGHT%3E1249.3%A0Pkt/s%3C/TD%3E%3CTD%20%20ALIGN=RIGHT%3E1244.8%A0Pkt/s%3C/TD%3E%3CTD%20%20ALIGN=RIGHT%3E1535.0%A0Pkt/s%3C/TD%3E%3C/TR%3E%3CTR%20onMouseOver=' rejected (code=4)(client=10.2.10.99) Dec 29 20:51:50 nprobe1 ntop[4806]: **ERROR** Rejected request from address 10.2.10.99 (it previously sent ntop a bad request) Dec 29 20:51:50 nprobe1 ntop[4806]: **ERROR** Rejected request from address 10.2.10.99 (it previously sent ntop a bad request) Dec 29 20:51:50 nprobe1 ntop[4806]: **ERROR** Rejected request from address 10.2.10.99 (it previously sent ntop a bad request) Dec 29 20:51:50 nprobe1 ntop[4806]: **ERROR** Rejected request from address 10.2.10.99 (it previously sent ntop a bad request) **ERROR** URL securityDec 29 21:00:45 nprobe1 ntop[4806]: clearing lockout for address 10.2.10.99 _______________________________________________ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop
