2

I'm running a small web-server on a Raspberry Pi Model B+ system running Rasbian from the NOOBS install image. I have apache2 running and a DDNS service providing a URL (from duckdns.org). I'm relatively new at this, but I know my way around linux filesystem stuff. When I dig into the access.log file, I find a bunch of GET requests for a wpad.dat file all originating from 127.0.0.1. Hundreds of these seem to pop up at a time, originating from the server for some reason?

Below is a small sample:

access.log

127.0.0.1 - - [30/Sep/2014:00:06:01 +0000] "GET /wpad.dat HTTP/1.1" 404 479 "-" "-"

127.0.0.1 - - [30/Sep/2014:00:06:02 +0000] "GET /wpad.dat HTTP/1.1" 404 479 "-" "-"

127.0.0.1 - - [30/Sep/2014:00:06:07 +0000] "GET /wpad.dat HTTP/1.1" 404 479 "-" "-"

127.0.0.1 - - [30/Sep/2014:00:06:10 +0000] "GET /wpad.dat HTTP/1.1" 404 479 "-" "-"

127.0.0.1 - - [30/Sep/2014:00:06:12 +0000] "GET /wpad.dat HTTP/1.1" 404 479 "-" "-"

127.0.0.1 - - [30/Sep/2014:00:06:12 +0000] "GET /wpad.dat HTTP/1.1" 404 479 "-" "-"

127.0.0.1 - - [30/Sep/2014:00:06:12 +0000] "GET /wpad.dat HTTP/1.1" 404 479 "-" "-"

127.0.0.1 - - [30/Sep/2014:00:06:12 +0000] "GET /wpad.dat HTTP/1.1" 404 479 "-" "-"

There are about 2,400 of these lines in the log(s), which are only about three days old. I understand wpad.dat has something to do with proxies, but I to the best of my knowledge I never configured anything for that. I know how to set up the logs to filter out these requests, but should I be concerned that this is happening in the first place?

I searched for anyone having similar issues, but none appeared the same. Sorry if this question is redunant. Let me know if there's any more information I should provide. Thanks. :)

Community
  • 1
andyman
  • 21
  • 1
  • 2

1 Answers1

1

it's the web proxy autodiscovery protocol... (http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol)

Did you setup any weird dns records (specifically *.something.tld) that would point to 127.0.01?

why it is coming from 127.0.0.1 .... Try running netstat -punta | grep 127.0.0.1:80 see if you can track down the process on the webserver making the calls..

Daniel Widrick
  • 3,418
  • 2
  • 12
  • 26
  • I am using DuckDNS to get a URL pointing to my IP address (i.e., andyschmidt.duckdns.org). But I didn't configure anything especially for that, other than their little script that keeps the IP address up to date, which just uses curl to tell the duckdns server my IP. I looked up what wpad.dat was for, but I never had to mess with anything to do with proxies or configure anything DNS related that I remember. Also, I tried the netstat command, but it gives no output. – andyman Oct 01 '14 at 22:42