Hi, I just spent 1-2 hours tracking down what turned out to be
"internal dummy connection". In my log files I get a ton of:
::1 - - [02/Mar/2007:19:31:22 -0800] "GET /" 400 705 "-" "-"
For others, at least the log line would say "Apache/... (internal
dummy connection)", for easy Googling; for me, unfortunately not.
I thought this was something from a broken cron job, CGI script,
etc. Only through using wireshark did I eventually track this
down.
The reason it's a 400 and doesn't show the user agent string is
that httpd is connecting to itself on an SSL port, and issuing a
regular non-SSL GET request [mpm_common.c dummy_connection()]. I
guess even though this is an invalid request this accomplishes the
goal of connecting to itself and closing the connection, but
leaves a mess in the log file. I understand that I can grep these
lines away before running a log file analyzer, but it still causes
a ton of confusion especially when it doesn't even have the
"internal dummy connection" string, and from what I found from
Googling, creates unnecessary confusion even when that string is
present. Also other issues like noise in the log file. I've also
seen people complaining that "GET /" might incur the cost of
dynamic content generation for /.
Would it be possible to connect to a non-SSL port, if possible, so
at least the string "internal dummy connection" shows up?
Even better would be to not show that string at all. When I
connect to httpd and close the connection without sending
anything, I don't get any log entries. Would that work for
dummy_connection() also? If that won't work, would it be possible
to arrange something like: a receipt of "NOOP\r\n" on
(ip6-)?localhost:* is ignored without logging (unless configured
otherwise).
--
Karl 2007-03-02 20:28
