Forum Moderators: DixonJones
211.28.96.9 - - [03/Feb/2003:10:44:20 +0000] "GET /_vti_inf.html HTTP/1.0" 302 234 "-" "Mozilla/2.0 (compatible; MS FrontPage 5.0)"
211.28.96.9 - - [03/Feb/2003:10:44:22 +0000] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.0" 302 234 "-" "MSFrontPage/5.0"211.28.96.9 - - [03/Feb/2003:10:44:45 +0000] "OPTIONS / HTTP/1.0" 200 - "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
211.28.96.9 - - [03/Feb/2003:10:44:47 +0000] "OPTIONS /about.html HTTP/1.0" 200 - "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
211.28.96.9 - - [03/Feb/2003:10:44:48 +0000] "GET /_vti_inf.html HTTP/1.0" 302 234 "-" "Mozilla/2.0 (compatible; MS FrontPage 5.0)"
211.28.96.9 - - [03/Feb/2003:10:44:50 +0000] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.0" 302 234 "-" "MSFrontPage/5.0"
211.28.96.9 - - [03/Feb/2003:10:44:51 +0000] "OPTIONS / HTTP/1.0" 200 - "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
211.28.96.9 - - [03/Feb/2003:10:44:52 +0000] "OPTIONS /about.html HTTP/1.0" 200 - "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
Does anyone recognise what's going on there?
Looks a little suspicious to me.
This is part of Microsoft's collaborative publishing setup, where multiple authors can work on (edit) one document on the Web.
It can happen because someone is opening your page using FrontPage or Excel, or any other high-end Web-enabled Microsoft application. Sometimes I see evidence that an inexperienced user is trying to use the wrong program to surf the Web, or has a problem with his/her registered filetypes. Other times it looks like a site-download or hacking attempt. I block FrontPage, Microsoft URL Control, and Microsoft Data Access Internet Publishing Provider user-agents, and block access to any URI containing "_vti_" on my sites. And they are hosted on Apache server, so these files and functions are not supported anyway.
I notice that you are redirecting (302 response code) two of the requests in the sample you posted. Make sure that this was your intent; An incorrect implementation of a custom 404 document can cause the 404 response to be overridden, and the server to return a 302 instead. The most common cause is an error in the target path (not URL) specification in the ErrorDocument 404 directive.
HTH,
Jim
Thanks for the info.
Could I block things like this using robotx.txt?
Robots.txt does not "block", it "requests" that a robot not request certain files. It requires the cooperation of the user-agent. I don't see any request for robots.txt in the log sample you provided, and a user-agent can't obey robots.txt if it doesn't read it first.
On Apache server, you can use mod_access or mod_rewrite in httpd.conf or .htaccess to block these accesses. Other methods can be used on other servers such as IIS, but I'm no expert on them. If you're on Apache, this Introduction to mod_rewrite [webmasterworld.com] thread may be useful.
Jim
