Comparing my http access log with the watchdog I noticed the following entries. If I understand it correctly the originator is successfully (200) using my system as a proxy (CONNECT). I will try to figure out how to stop that... Just wanted to report it here in case someone else notices the same DA errors (which could otherwise be linked to bad php settings)

81.88.124.30 - - [24/Mar/2010:04:59:50 +0100] "CONNECT 64.12.202.22:443 HTTP/1.0" 200 5842 "-" "-"
81.88.124.30 - - [24/Mar/2010:04:37:45 +0100] "CONNECT 64.12.202.1:443 HTTP/1.0" 200 5842 "-" "-"

Domain Access 24 Mar 2010 - 04:59 Domain access failed to load during phase: 1. Please ...
Domain Access 24 Mar 2010 - 04:37 Domain access failed to load during phase: 1. Please ...

Comments

icametoplay-1’s picture

Same here - subscribing

skizzo’s picture

in my case I didn't remember to save the setup after configuring iptables, so on first reboot
I lost my firewall. I realized that thanks to the DA watchdog message...

agentrickard’s picture

Interesting. Phase 1 is DOMAIN_BOOTSTRAP_NAME_RESOLVE, which means the attacker is pinging you based on IP and not domain name, so DA fails to resolve the request.

See domain_resolve_host() for instance. This is returning FALSE, so DA's bootstrap fails.

You can remove this by using Domain Alias to register IPs as aliases of their domain names.

This is all By Design. Oddly, I have never had that error reported before. But that's why we have a trap in the bootstrap to catch these load errors.

agentrickard’s picture

Status: Active » Closed (works as designed)