How can I avoid non-existent file -systematically- requests?

Question

This is my apache httpd log:

[Wed May 13 18:29:48 2015] [error] [client 108.162.213.59] File does not exist: /www/html/ui/core.min.js

[Wed May 13 18:29:48 2015] [error] [client 108.162.210.161] File does not exist: /www/html/ui/ico.favorites.gif

[Wed May 13 18:29:49 2015] [error] [client 108.162.213.35] File does not exist: /www/html/ui/social.facebook.gif

[Wed May 13 18:29:49 2015] [error] [client 108.162.210.146] File does not exist: /www/html/ui/success.gif

[Wed May 13 18:29:49 2015] [error] [client 108.162.210.167] File does not exist: /www/html/ui/ico.twitter.gif

[Wed May 13 18:29:49 2015] [error] [client 108.162.210.165] File does not exist: /www/html/ui/social.twitter.gif

[Wed May 13 18:29:49 2015] [error] [client 108.162.210.147] File does not exist: /www/html/ui/ico.facebook.gif

[Wed May 13 18:29:49 2015] [error] [client 108.162.210.42] File does not exist: /www/html/ui/social.buzz.gif

[Wed May 13 18:29:49 2015] [error] [client 108.162.210.147] File does not exist: /www/html/ui/social.delicious.gif

The /www/html/ui/ directory hasn't existed for a long time though (2 years), so I'm guessing whoever is still trying to systematically access those files, must have indexed the files a long time ago.

My log gets filled with these requests, which of course do throw a 404 error. Because the requests come from different IP addresses, I can't just block the IP.

I wonder what is the best course of action to take in this scenario. All ideas are welcomed.

actually yes, because the error_log file gets huge! i can't turn off the error logging because i also need to check on other problems. — Carlos Santos, May 13 '15 at 19:10
Are you using logrotate? Just turn on compression and you won't even notice the size increase. — EEAA, May 13 '15 at 19:11
@EEAA done. Still is frustrating to have those requests, at least now the log will be size limited. — Carlos Santos, May 13 '15 at 20:13

score 1 · Accepted Answer · answered May 13 '15 at 21:08

Andres,

There are many different ways to take care of this.. What is going on in your logs.. One of many browser exploits that bots are doing exploits. Most of these bots were targeting Microsoft servers, and now web apps with security holes.

You can in your web server config create black list rules. The link below has some good examples of different ways to take care of this with "mod-rewrite" if enabled.

Best there is to either refer them to themselves or drop/delete the request and not process it.

That way your servers performance will improve by not having to search all its configs and files for the URL being asked.

It is an administrative pain. One of the better ways of taking care of it. Unless like commented above.. you have a caching server in front of your web-server..

https://perishablepress.com/eight-ways-to-blacklist-with-apaches-mod_rewrite/

Hope this helps a bit. Cheers...

How can I avoid non-existent file -systematically- requests?

1 Answers1