0

I have a CentOS 7 server, with 5-6 domains (one being the main domain, the others subdomains).

Ever since installing Lets Encrypt and handling the redirections in httpd-vhost.conf, the access log has been filling up with requests from localhost / my server's IP. Using this:

cat /var/logs/domains/example.com-access.log | awk '{print $1}' | sort -n | uniq -c | sort -nr | head -n 1

yields 214,900 requests made by the server to itself. In comparison, the next top number of requests (Googlebot) is between 1,000 and 2,000.

The requests look something like this (* used as placeholder for my server's IP)

*.*.*.* - - [26/Aug/2021:03:44:10 +0200] "GET /wp-content/uploads/2017/04/myimg-01.jpg HTTP/1.0" 200 125763 "-" "-"

Is this normal behaviour? I have Lets Encrypt and redirections on other servers (same OS, same settings), and this isn't happening there.

If this isn't normal behaviour, what can I do to find out the root cause of it?

FiddlingAway
  • 123
  • 6
  • 1
    why are you hiding localhost ip? 127.0.0.0/8 is known by the whole internet and yes that could be correct in case of an reverse proxy setup – djdomi Aug 26 '21 at 17:08
  • @djdomi Because it's not showing as 127.0.0.1, it's showing the way it would if I were to remotely ping any of the domains on that server. For example, let's say that my server's real IP is 123.456.789.012. That's what shows up in the access logs. – FiddlingAway Aug 27 '21 at 05:51
  • well to answer your questions, you have to show your vhosts else we won't get further deeper into the situation – djdomi Aug 28 '21 at 07:52

0 Answers0