I have Apache 2.4 installed on my dev PC (Windows 10).
Viewing my Apache24\logs\access.log file, I noticed suspect entries such as:
    www.-----.com - - [01/Jan/2018:10:45:19 -0200] "GET /SOME-PERSONAL-DEV-PROJECT/admin/ HTTP/1.1" 200 21061
    www.-----.com - - [02/Jan/2018:07:04:00 -0200] "GET /phpmyadmin/sql.php?server=1&db=-----&table=-----&pos=0&token=ea
    www.-----.com - - [02/Jan/2018:07:04:01 -0200] "GET /phpmyadmin/sql.php?server=1&db==-----&&table==-----&&pos=0&token=ea
    www.-----.com - - [02/Jan/2018:07:04:08 -0200] "GET /phpmyadmin/index.php?ajax_request=1&recent_table=1&token=ea
I have ‘phpmyadmin’ on localhost and also ‘SOME-PERSONAL-DEV-PROJECT’ is another folder in my localhost for personal web dev stuff.
‘www.-----.com’ is a known ad network domain and I know they are related to shady stuff.
So in my httpd.conf file I have this config rule:
    <Directory "c:/htdocs">
        #
        # Possible values for the Options directive are "None", "All",
        # or any combination of:
        #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
        #
        # Note that "MultiViews" must be named *explicitly* --- "Options All"
        # doesn't give it to you.
        #
        # The Options directive is both complicated and important. Please see
        # http://httpd.apache.org/docs/2.4/mod/core.html#options
        # for more information.
        #
        Options Indexes Includes FollowSymLinks

        #
        # AllowOverride controls what directives may be placed in .htaccess files.
        # It can be "All", "None", or any combination of the keywords:
        #   AllowOverride FileInfo AuthConfig Limit
        #
        AllowOverride All

        #
        # Controls who can get stuff from this server.
        #
        Require local
    </Directory>
From my understanding, “Require local” would prevent anything that is not localhost from being able to make requests to the files on my local machine.
So my question is, why is this domain apparently being successful in accessing files from my local dev machine?
Those logs are showing your own requests to the web server.
We see from your comment that you said you added 127.0.0.1 www.-----.com to the Windows hosts file.
Unfortunately, you have Apache configured to do reverse DNS lookups on IP addresses before logging them. Somewhere in your Apache configuration is:
So, instead of logging 127.0.0.1, Apache logged www.-----.com, because when it did a hostname lookup on 127.0.0.1, that name was provided from the hosts file.
Change this to Off, and your logs will begin showing correct IP addresses again.
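A check for the situation the answer describes, as an added example that is not part of the original question or answer: it lists the names a hosts file maps to loopback, reads the `HostnameLookups` setting (the httpd directive that controls reverse lookups for logging), and labels the client field of each access-log line. The hosts file, config and log lines are constructed samples, with `ads.example` standing in for the redacted domain, and the log format is assumed to begin with the `%h` field.

```python
import ipaddress
import re

# Constructed sample data; "ads.example" stands in for the redacted domain.
HOSTS = """127.0.0.1  localhost
127.0.0.1  www.ads.example  # ad domain pointed at loopback
::1        localhost
"""
CONF = "# HostnameLookups Off\nHostnameLookups On\n"
LOG = """www.ads.example - - [02/Jan/2018:07:04:08 -0200] "GET /phpmyadmin/index.php HTTP/1.1" 200 512
127.0.0.1 - - [02/Jan/2018:07:05:00 -0200] "GET / HTTP/1.1" 200 100
crawler.example.net - - [02/Jan/2018:07:06:00 -0200] "GET / HTTP/1.1" 403 199
"""

def loopback_aliases(hosts_text):
    """Names a hosts file maps to a loopback address (127.0.0.0/8 or ::1)."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comment
        try:
            addr = ipaddress.ip_address(fields[0])
        except (IndexError, ValueError):
            continue  # blank, comment-only or malformed line
        if addr.is_loopback:
            names.update(n.lower() for n in fields[1:])
    return names

def hostname_lookups(conf_text):
    """Every uncommented HostnameLookups value (httpd's default is Off)."""
    pat = r"^[ \t]*HostnameLookups[ \t]+(\w+)"
    return [v.capitalize() for v in re.findall(pat, conf_text, re.I | re.M)]

def classify(log_text, aliases):
    """Label the first field (%h, the client host) of each access-log line."""
    out = []
    for line in filter(str.strip, log_text.splitlines()):
        host = line.split()[0]
        try:
            ipaddress.ip_address(host)
            verdict = "ip"
        except ValueError:
            verdict = "loopback-alias" if host.lower() in aliases else "resolved-name"
        out.append((host, verdict))
    return out

if __name__ == "__main__":
    print("HostnameLookups settings:", hostname_lookups(CONF))
    for host, verdict in classify(LOG, loopback_aliases(HOSTS)):
        print(f"{host:22} {verdict}")
```

A `loopback-alias` verdict on a server with `HostnameLookups On` indicates the logged name most likely came from the hosts file entry rather than from a remote client.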
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.