what is "OPTIONS * HTTP/1.0" 200

[its_joe]

Hello,

We have CentOS release 5.2 (Final) and WHM 11.23.2 cPanel 11.23.6-R27698 . Along with it we have Apache/2.2.10 (Unix) and PHP/5.2.6 on server.

Now in the file /usr/local/apache/logs/access_log i get this message alot and due to this there is too much load on server.

127.0.0.1 - - [25/Nov/2008:18:42:03 +0300] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [25/Nov/2008:18:42:04 +0300] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [25/Nov/2008:18:42:05 +0300] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [25/Nov/2008:18:42:06 +0300] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [25/Nov/2008:18:42:07 +0300] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [25/Nov/2008:18:42:08 +0300] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [25/Nov/2008:18:42:09 +0300] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [25/Nov/2008:18:42:16 +0300] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [25/Nov/2008:18:42:18 +0300] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [25/Nov/2008:18:42:19 +0300] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [25/Nov/2008:18:42:20 +0300] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [25/Nov/2008:18:42:21 +0300] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [25/Nov/2008:18:42:22 +0300] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [25/Nov/2008:18:42:23 +0300] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [25/Nov/2008:18:42:24 +0300] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [25/Nov/2008:18:42:25 +0300] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [25/Nov/2008:18:42:26 +0300] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [25/Nov/2008:18:42:27 +0300] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [25/Nov/2008:18:42:28 +0300] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [25/Nov/2008:18:42:29 +0300] "OPTIONS * HTTP/1.0" 200 -

Can anyone please tell me what message is it and how to get rid of it.

its_joe

[jdlightsey]

http://forums.cpanel.net/showthread.php?t=99241

These shouldn't create any meaningful load on the server.

[its_joe]

hello,

no help from the above thread. can anyone please elaborate more on it.

[cPanelDavidG]

hello,

no help from the above thread. can anyone please elaborate more on it.

The thread mentions that this is Apache "polling its child processes to verify they're responding correctly." Simplified, this is a normal process for a contemporary server application to ensure it is using memory efficiently. If you prefer a more elaborate response with more technical details, please let me know.

By "The second field, ' - ', shows that this isn't an active connection" - that means that these are not actual HTTP connections. As a result, these "connections" are not generating any load on your server. If you are experiencing load problems on your server, it would be from something else. Feel welcome to have our technical analysts look over your server so they can assist you with determining the cause of the high load.

[phpworks]

Hi,

can you tell me if these "connections" get counted when Apache looks at MaxClients?

The reason I ask is that we have a server that hit MaxClients (was set to 150) and there isn't a lot on the server at the moment. It struck me that it these are counted towards the clients total, then MaxClients could be breached with gradually fewer "real" connections required to reach it.

I have of course raised MaxClients to get round the immediate issue because the server has plenty enough RAM to cope with a higher figure.

Many thanks,


Mark

[cPanelDon]

Hi,

can you tell me if these "connections" get counted when Apache looks at MaxClients?

The reason I ask is that we have a server that hit MaxClients (was set to 150) and there isn't a lot on the server at the moment. It struck me that it these are counted towards the clients total, then MaxClients could be breached with gradually fewer "real" connections required to reach it.

I have of course raised MaxClients to get round the immediate issue because the server has plenty enough RAM to cope with a higher figure.

Many thanks,

Mark

To the best of my knowledge inactive or closed connections, as described earlier by cPanelDavidG, would not be counted against the limit defined by the MaxClients directive. For additional clarification I recommend the following resource at the official Apache/httpd web site: InternalDummyConnection - Httpd Wiki

[hostmedic]

Is there a way for us to have the logs ignore these
hide OPTIONS "HTTP/1.0"

Our logs are growing pretty large over these entries...

[cPanelDon]

Is there a way for us to have the logs ignore these
hide OPTIONS "HTTP/1.0"

Our logs are growing pretty large over these entries...

Yes; please refer to the information detailed in the official Apache/httpd Wiki article here: InternalDummyConnection - Httpd Wiki

If you wish to exclude them from your log, you can use normal conditional-logging techniques. For example, to omit all requests from the loopback interface from your logs, you can use

Code:

SetEnvIf Remote_Addr "127\.0\.0\.1" loopback

and then add env=!loopback to the end of your CustomLog directive.

Regarding customization of the Apache configuration please see the following documentation: Apache & cPanel/WHM

Within the referenced EasyApache3 documentation, the following area may be of more specific interest (to help narrow the search): Adding Custom Directives to httpd.conf

[jols]

Yes; please refer to the information detailed in the official Apache/httpd Wiki article here: InternalDummyConnection - Httpd Wiki

Regarding customization of the Apache configuration please see the following documentation: Apache & cPanel/WHM

Within the referenced EasyApache3 documentation, the following area may be of more specific interest (to help narrow the search): Adding Custom Directives to httpd.conf

Dear cPanelDon,

I wish it were this easy. We had something like this established on all servers to clear these meaningless logs, e.g:

127.0.0.1 - - [04/Mar/2010:20:29:44 -0600] "OPTIONS * HTTP/1.0" 200 -

But it no longer works, I don't know if it is because of a new cPanel version or what. Currently here's the mod I have in the httpd.conf file, thus used to work but no longer:

<IfModule log_config_module>
LogFormat "%h %l %u %t \"%!414r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%!414r\" %>s %b" common

SetEnvIf Remote_Addr 127\.0\.0\.1|66\.132\.174\.73|66\.132\.174\.84|67\.43\.164\.34|67\.43\.164\.34|66\.216\.126\.30 exclude_from_log

CustomLog logs/access_log common
CustomLog logs/access_log common env=!exclude_from_log

<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio

</IfModule>

</IfModule>

I also tried your version, but no go.

[jols]

Regarding this log entry that tends to fill /usr/local/apache/logs/access_log

127.0.0.1 - - [08/Mar/2010:03:20:45 -0600] "OPTIONS * HTTP/1.0" 200 -


Does anyone know why the following in httpd.conf would NOT work to filter out the jillions of log entries like the one listed above?


---------------------------------------
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common

CustomLog logs/access_log common

SetEnvIf Remote_Addr "127\.0\.0\.1" loopback
CustomLog logs/access_log common env=!loopback

<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio

</IfModule>

</IfModule>
---------------------------------------


We used to be able to filter out the 127.0.0.1 log entries, but lately nothing seems to work. I've been working on this one for a few days now with no successes. It is important to us to get this resolved because we have set up scripts to "look" at the general access log, to see what is hitting, or probing the server.

Thanks for any advice.

[cPanelDon]

Dear cPanelDon,
I wish it were this easy. We had something like this established on all servers to clear these meaningless logs, e.g:

Code:

127.0.0.1 - - [04/Mar/2010:20:29:44 -0600] "OPTIONS * HTTP/1.0" 200 -

But it no longer works, I don't know if it is because of a new cPanel version or what. Currently here's the mod I have in the httpd.conf file, thus used to work but no longer:

Code:

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%!414r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%!414r\" %>s %b" common
    SetEnvIf Remote_Addr 127\.0\.0\.1|66\.132\.174\.73|66\.132\.174\.84|67\.43\.164\.34|67\.43\.164\.34|66\.216\.126\.30 exclude_from_log
    CustomLog logs/access_log common  
    CustomLog logs/access_log common env=!exclude_from_log
    <IfModule logio_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
</IfModule>

I also tried your version, but no go.

The version of cPanel does not directly affect the logging directives in Apache, but manual (administrator) changes or recompiling (either downgrading or upgrading) Apache/httpd could have an effect depending on what and how customizations are applied. To clarify, the example I provided was quoting directly from and according to the official Apache/httpd wiki and documentation.

What is the version of Apache/httpd being used?

Code:

# /usr/local/apache/bin/httpd -v

In the provided details I see a few issues that should be addressed.

Please consider the following suggestions:
1.) Remove the duplicate CustomLog entry, so that the following is not specified twice:

Code:

CustomLog "logs/access_log" common

2.) Try placing double-quotes around the regular expression (regex) that is entered for the directive SetEnvIf.
3.) Try specifying only the localhost/loopback IP instead of a list to reduce the complexity involved.

Code:

SetEnvIf Remote_Addr "127\.0\.0\.1" loopback

Code:

CustomLog "logs/access_log" common env=!loopback

[cPanelDon]

Please also refer to the following Apache/httpd documentation:
Apache HTTP Server (v2.2) - mod_setenvif
Apache HTTP Server (v2.2) - Log Files

Here are two specific references within the above documentation sections:
Apache HTTP Server (v2.2) - mod_setenvif - SetEnvIf Directive
Apache HTTP Server (v2.2) - Log Files - Access Log - Conditional Logs

[jols]

Hi Thanks for your help with this.

Apache version:
Apache/2.2.14 (Unix)

Please consider the following suggestions:
#1 - I tried that, but it seems to shut down the Apache access_log logging completely.

#2 and #3:
Okay, thanks I'll try that too.

Please also refer to the following Apache/httpd documentation:
I don't mean to sound resistant, but I have indeed been over the Apache documentation obsessively over the past few days to the point to where my eyeballs are now melting down my cheeks.

The devil of it is, this exact same thing, as follows, works on one server, but not another server, both with the exact same Apache and cPanel/WHM version:

<IfModule log_config_module>
LogFormat "%h %l %u %t \"%!414r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%!414r\" %>s %b" common

SetEnvIf Remote_Addr 127\.0\.0\.1|66\.132\.174\.73|66\.132\.174\.84|67\.43\.164\.34|67\.43\.164\.34|66\.216\.126\.30 exclude_from_log

CustomLog logs/access_log common
CustomLog logs/access_log common env=!exclude_from_log

<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio

</IfModule>

</IfModule>

[jols]

And what's worse, on the cPanel servers where this issue is in play, the access_logs fail to keep current throughout periods of the day. For example:

127.0.0.1 - - [08/Mar/2010:12:33:36 -0600] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [08/Mar/2010:12:33:37 -0600] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [08/Mar/2010:12:33:38 -0600] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [08/Mar/2010:12:33:41 -0600] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [08/Mar/2010:12:33:42 -0600] "OPTIONS * HTTP/1.0" 200 -
# date
Mon Mar 8 18:07:08 CST 2010

Note the time stamp difference between the date of the access_log tail and the actual time. Apparently Apache has not entered any access_log entries for the past 5.5 hours.

If I reboot Apache, then the access_log logging resumes. This is a very strange issue. Here is what a tech at ThePlanet said about this one:

-------------------
The oddity that I am seeing is that when the logging stops Apache has closed its access to the access.log file. However, when Apache is restarted, it opens two separate connections to the access.log for the parent Apache process and it begins logging.

lsof -a -chttpd -x +D /usr/local/apache/logs/
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
httpd 10949 root 2w REG 8,3 47067387 819685 /usr/local/apache/logs/error_log
httpd 10949 root 3w REG 8,3 58313 821840 /usr/local/apache/logs/modsec_audit.log
httpd 10949 root 4w REG 8,3 0 821372 /usr/local/apache/logs/modsec_debug_log
httpd 10949 root 22w REG 8,3 7944652 819402 /usr/local/apache/logs/access_log
httpd 10949 root 23w REG 8,3 7944652 819402 /usr/local/apache/logs/access_log

This indicates that there might be a bug in the installed Apache application. Have you tried to rebuild on any of the affected servers, and if so, has it made a difference?
--------------

And in answer to his question above, yes, we have tried a (force) Apache rebuild on two different servers in an attempt to resolve this, and the issue is still not resolved for the effected servers.

At this time I have a trouble ticket in to cpanel.net See ticket # 591161

[hostmedic]

I am following this thread w/ interest - what was found if anything ?