1

I have a rails app running with Apache and Passenger and virtual hosts (multiple apps running on same server)

Since 3 days ago, my logs are full of strange errors:

Missing template users/login, application/login with {:locale=>[:en], :formats=>["Accept: */*"], :variants=>[], :handlers=>[:erb, :builder, :raw, :ruby, :coffee, :jbuilder]}. Searched in:
* "/home/deployer/rails_apps/vantano/releases/20160318190203/app/views"
------------------------------- Request:

* URL        : http://www.baidu.com/
* HTTP Method: GET
* IP address : 222.186.21.107
* Parameters : {"controller"=>"users", "action"=>"login"}
* Timestamp  : 2016-05-12 18:14:12 UTC
* Server : eemvantano
* Rails root : /home/deployer/rails_apps/vantano/releases/20160318190203
* Process: 25133

Now, there is views/users/login.erb.html, but the strange part is the URL. My site is not baidu. Added Env dump to logs, more strange things:

------------------------------- Environment:

* HTTP_ACCEPT                                    : Accept: */*
* HTTP_HOST                                      : www.baidu.com
* HTTP_PROXY_CONNECTION                          : Keep-Alive
* HTTP_REFERER                                   : http://www.baidu.com/
* HTTP_USER_AGENT                                : Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; WebSaver; .NET CLR 2.0.50727)
* HTTP_VERSION                                   : HTTP/1.1
* ORIGINAL_FULLPATH                              : /
* ORIGINAL_SCRIPT_NAME                           :
* PASSENGER_CONNECT_PASSWORD                     : [FILTERED]
* PATH_INFO                                      : /
* QUERY_STRING                                   :
* REMOTE_ADDR                                    : 222.186.21.107
* REMOTE_PORT                                    : 4362
* REQUEST_METHOD                                 : GET
* REQUEST_URI                                    : /
* ROUTES_37245440_SCRIPT_NAME                    :
* SCRIPT_NAME                                    :
* SERVER_NAME                                    : www.baidu.com
* SERVER_PORT                                    : 80
* SERVER_PROTOCOL                                : HTTP/1.1
* SERVER_SOFTWARE                                : Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.16 OpenSSL/1.0.1f Phusion_Passenger/5.0.27

Why is baidu listed as HOST and server name?

Eduard
  • 3,536
  • 1
  • 20
  • 27

1 Answers1

3

First, your Apache configuration is likely set up to fallback to the client-supplied HTTP_HOST for SERVER_NAME (see the docs on UseCanonicalName and this SO answer for more details). So the fact that the two match, despite being bogus, isn't an issue (unless your code ever depends upon that value).

Secondly, this looks like someone has configured their DNS for baidu.com (a very popular search engine in China) to point to your server. Hard to say why...

Community
  • 1
  • 1
Robert Nubel
  • 7,104
  • 1
  • 18
  • 30
  • i have the same problem.. alwasys the same ip asks my server for a baidu.com website.. which isnt obviously on my server... i think you are on azure too? :) – BvuRVKyUVlViVIc7 May 17 '16 at 07:30
  • 1
    yes, I am on azure. But I fixed that by adding this: ServerAdmin webmaster@localhost DocumentRoot /var/www/html ServerName localhost Redirect 403 / UseCanonicalName Off ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined to 000-default.conf in /etc/apache2/sites-available then I enabled 000-default with a2ensite. Now my server will return 403 when accessed by ip and will respond only to domains that it knows from sites-enabled – Eduard May 18 '16 at 08:34