Apache Status and HTTP Requests of "OPTIONS * HTTP/1.0"

[DReade83]

OPTIONS * HTTP/1.0 is appearing an awful lot under Apache Status, so far 30+ times since Apache's last restart a few days ago.

Any idea what could be causing this and how to stop it?

Thanks in advance.

[Promethyl]

Me too, any takers?

Seems to be coming from the local system.

[Greg007]

I see this OPTIONS * HTTP/1.0 coming from localhost too.
It appears with interval from 1 to 15 sec.

[cPanelDon]

The "OPTIONS" request method (like GET, POST, and HEAD) is normal to see; this is one method used by the service monitoring features to check if Apache is online and responsive.

Please note that not all of the listed HTTP activity from the Apache status page in WHM are for active requests. To determine if the request is active at the time of checking status, look at the columns labeled as follows: PID, M

If "PID" is empty, i.e., if there is no current PID, the child process that handled the request already completed and exited.
If "M" or Mode of operation is just a period "." then the slot is open without a current process.

Quoted from the status page of Apache v2.2, here is additional detail describing other modes, followed by a description of the columns displayed:

Code:

Scoreboard Key:
"_" Waiting for Connection, "S" Starting up, "R" Reading Request,
"W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
"C" Closing connection, "L" Logging, "G" Gracefully finishing,
"I" Idle cleanup of worker, "." Open slot with no current process

Srv	Child Server number - generation
PID	OS process ID
Acc	Number of accesses this connection / this child / this slot
M	Mode of operation
CPU	CPU usage, number of seconds
SS	Seconds since beginning of most recent request
Req	Milliseconds required to process most recent request
Conn	Kilobytes transferred this connection
Child	Megabytes transferred this child
Slot	Total megabytes transferred this slot

[discovery]

I'm not sure if it's related to last update, but the Apache status server has a lot of (maybe 50) lines like those:

41-36 - 0/0/408 . 0.00 14537 0 0.0 0.00 0.36 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0
42-36 - 0/0/390 . 0.00 14537 0 0.0 0.00 0.31 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0
43-36 - 0/0/392 . 0.44 14512 0 0.0 0.00 0.17 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0
44-36 - 0/0/193 . 0.00 14535 0 0.0 0.00 0.18 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0
45-36 - 0/0/89 . 0.19 14514 0 0.0 0.00 0.02 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0
46-36 - 0/0/34 . 0.00 14535 0 0.0 0.00 0.00 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0
47-36 - 0/0/214 . 0.00 14497 0 0.0 0.00 0.08 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0
48-36 - 0/0/69 . 0.36 14479 0 0.0 0.00 0.00 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0
49-23 - 0/0/221 . 7.90 92944 0 0.0 0.00 0.40 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0
50-23 - 0/0/13 . 0.00 93659 0 0.0 0.00 0.00 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0
51-23 - 0/0/21 . 0.39 93618 0 0.0 0.00 0.00 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0
52-23 - 0/0/34 . 1.53 93574 0 0.0 0.00 0.02 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0
53-23 - 0/0/22 . 2.08 93540 0 0.0 0.00 0.01 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0
54-23 - 0/0/2 . 0.00 93655 0 0.0 0.00 0.00 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0
55-23 - 0/0/2 . 0.15 93641 0 0.0 0.00 0.00 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0
56-23 - 0/0/1 . 0.00 93658 0 0.0 0.00 0.00 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0
57-23 - 0/0/3 . 0.36 93622 0 0.0 0.00 0.00 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0
58-23 - 0/0/38 . 0.86 93507 0 0.0 0.00 0.11 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0
59-23 - 0/0/53 . 3.26 93322 0 0.0 0.00 0.12 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0

I saw them first time about 2weeks ago
Is there a Apache problem? I'm very sure was not there before, I used to check that 2, 3 times a week at least.
I recompiled apache like one month ago, but just to update the php

any ideas plsss?

Later update: I can narrow a little bit: actually those lines appears since I had a period of very very slow WHM loading; sometimes took even 2 min to load; the server load was minimal in that time, sites, ssh an others was normal, under 2%load
The WHM slow load automagically disappeared like one week ago

[Infopro]

Those are quite normal. Please see this post by cPanelDon:

http://forums.cpanel.net/f5/options-...-a-105109.html

[discovery]

so until 2, 3 weeks ago my server was not functioning normal?

cause those lines are new, didn't saw them in the first 12month

[cPanelDon]

I'm not sure if it's related to last update, but the Apache status server has a lot of (maybe 50) lines like those:
41-36 - 0/0/408 . 0.00 14537 0 0.0 0.00 0.36 127.0.0.1 xxxxx.xxxxx.com OPTIONS * HTTP/1.0

I saw them first time about 2weeks ago
Is there a Apache problem? I'm very sure was not there before, I used to check that 2, 3 times a week at least.
I recompiled apache like one month ago, but just to update the php

any ideas plsss?

so until 2, 3 weeks ago my server was not functioning normal?

cause those lines are new, didn't saw them in the first 12month

The quoted status information is indicative that Apache is actively being monitored to check if it is online or not; having recompiled or upgraded Apache this is a likely reason why there may have been a change in the verbose status information and how Apache is being monitored to account for what is supported by the installed version of Apache.

Via the Apache status information seeing the string "OPTIONS * HTTP/1.0" is normal and alone it is not directly indicative of whether or not the overall system or server itself is functioning normally.

For further clarification please reference the official RFC that defines the HTTP request method named OPTIONS, located in Section 9.2 of RFC 2616:
RFC 2616 - Hypertext Transfer Protocol -- HTTP/1.1

[discovery]

ok, I'll read those

thank you all.

[yayyo]

Hi Don (are you the "veteran" that was mentioned in News - cPanel Inc. ? well at least they didn't say "antique" )

Re: OPTIONS * HTTP/1.0 - I read the RFC, but I guess my questions would be: what is actually doing those requests, and do they really need to be doing it approximately every second?

# tail -f /usr/local/apache/logs/access_log
127.0.0.1 - - [29/Nov/2009:22:38:23 -0500] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [29/Nov/2009:22:38:24 -0500] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [29/Nov/2009:22:38:25 -0500] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [29/Nov/2009:22:38:26 -0500] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [29/Nov/2009:22:38:27 -0500] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [29/Nov/2009:22:38:28 -0500] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [29/Nov/2009:22:38:29 -0500] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [29/Nov/2009:22:38:30 -0500] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [29/Nov/2009:22:38:31 -0500] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [29/Nov/2009:22:38:32 -0500] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [29/Nov/2009:22:38:33 -0500] "OPTIONS * HTTP/1.0" 200 -
...

I tried switching off http monitoring in Main >> Service Configuration >> Service Manager to no effect.

Any further enlightenment you can offer would be much appreciated.
Cheers from the UK,
Marty

[cPanelDon]

After researching further I must clarify and correct part of my earlier statements.

The "OPTIONS" request method (like GET, POST, and HEAD) is normal to see; this is one method used by the service monitoring features to check if Apache is online and responsive.

While the above can be true for general Apache/httpd service monitoring methods, our specific monitoring via the ChkServd driver of TailWatchd uses an HTTP request method of GET (instead of OPTIONS) as shown below.

Upon performing a fresh test, using a freshly-compiled build of Apache version 2.2, I verified that our monitoring uses a slightly different HTTP request such as that seen in the following log entry, but it should only be one request per status check and not a flood every second.

Code:

# grep "^127.0.0.1.*GET / HTTP/1.0" /usr/local/apache/logs/access_log | tail -n1
127.0.0.1 - - [02/Dec/2009:00:07:36 -0600] "GET / HTTP/1.0" 200 111

For comparison, when checking the Apache Status via WHM the log entry may appear similar to the following:

Code:

# grep "^127.0.0.1.*GET /whm-server-status/ HTTP/1.0" /usr/local/apache/logs/access_log | tail -n1
127.0.0.1 - - [02/Dec/2009:00:05:02 -0600] "GET /whm-server-status HTTP/1.0" 200 10514

The quoted status information is indicative that Apache is actively being monitored to check if it is online or not; ...

Example of log entry from referenced status information, where OPTIONS is used:

Code:

# grep "^127.0.0.1.*OPTIONS \* HTTP/1.0" /usr/local/apache/logs/access_log | tail -n1
127.0.0.1 - - [02/Dec/2009:00:02:00 -0600] "OPTIONS * HTTP/1.0" 200 -

To correct and clarify to the best of my knowledge, per the Apache documentation wiki this is most likely a direct result from Apache/httpd handling its own child processes and is safe to ignore. For a more detailed description I recommend referring to the following Apache httpd wiki article:
InternalDummyConnection - Apache httpd Wiki

InternalDummyConnection - Requests From the Server to Itself
When the Apache HTTP Server manages its child processes, it needs a way to wake up processes that are listening for new connections. To do this, it sends a simple HTTP request back to itself. This request will appear in the access_log file with the remote address set to the loop-back interface (typically 127.0.0.1 or ::1 if IPv6 is configured).

...
Re: OPTIONS * HTTP/1.0 - I read the RFC, but I guess my questions would be: what is actually doing those requests, and do they really need to be doing it approximately every second?
...
Any further enlightenment you can offer would be much appreciated.
Cheers from the UK,
Marty

Here is an earlier forums post that provides an on-target explanation with additional information:
cPanel Forums - View Single Post - apache load