What is the “Yes This Is A Really Long Request URL” connection attempt to your web server?


Today, I noticed a strange connection attempt to my server requesting a long file name that starts with ‘/YesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurpose……………….’. Below is a snapshot from the Apache error log.

[Thu May 11 17:52:01 2017] [error] [client] (36)File name too long: access to /YesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreScanningForResearchPurposePleaseHaveALookAtTheUserAgentTHXYesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreScanningForResearchPurposePleaseHaveALookAtTheUserAgentTHXYesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreScanningForResearchPurposePleaseHaveALookAtTheUserAgentTHXYesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreScanningForResearchPurposePleaseHaveALookAtTheUserAgentTHXYesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreScanningForResearchPurposePleaseHaveALookAtTheUserAgentTHXYesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreScanningForResearchPurposePleaseHaveALookAtTheUserAgentTHXYesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreScanningForResearchPurposePleaseHaveALookAtTheUserAgentTHXYesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreScanningForResearchPurposePleaseHaveALookAtTheUserAgentTHXYesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreScann failed.

Understood? Here’s the version with spaces between the words:

Yes This Is A Really Long Request URL but We Are Doing It On Purpose. We Are Scanning For Research Purpose. Please Have A Look At The UserAgent. THX

As hinted in the above message, I looked into the Apache access_log:

HTTP/1.1" 403 1202 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36 Scanning for research (researchscan.comsys.rwth-aachen.de)"

The above snapshot shows that the traffic was sent from researchscan.comsys.rwth-aachen.de. The website describes a research project at RWTH Aachen University in Germany. A quick lookup of the IP address reveals that the machine is located within the university’s network.

The research website explains why such connection attempts are made and why they are collecting such data. However, it was hard to understand the objective of the project. So if you notice such a connection attempt to your web server, it seems to be harmless and you need not be too bothered about it.
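The User-Agent string is chosen by the client, so the IP lookup described above is what actually ties the traffic to the university. The following is an added example, not part of the original post, that automates that check with forward-confirmed reverse DNS; the `rwth-aachen.de` suffix, the PTR names, the IP addresses and the sample log lines are assumptions constructed for illustration.

```python
import re
import socket

# Combined log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# Hostname the scanner appends in parentheses at the end of its User-Agent.
UA_HOST_RE = re.compile(r"\(([a-z0-9.-]+\.[a-z]{2,})\)\s*$", re.I)

def claimed_host(line):
    """Return (client_ip, hostname claimed in the User-Agent), or None."""
    m = LOG_RE.match(line)
    h = UA_HOST_RE.search(m.group("ua")) if m else None
    return (m.group("ip"), h.group(1).lower()) if h else None

def dns_ptr(ip):
    return socket.gethostbyaddr(ip)[0]

def dns_addrs(name):
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def claim_verified(ip, suffix, ptr=dns_ptr, addrs=dns_addrs):
    """Forward-confirmed reverse DNS: the PTR name must fall under `suffix`
    and must itself resolve back to the same client IP."""
    try:
        name = ptr(ip).rstrip(".").lower()
        return (name == suffix or name.endswith("." + suffix)) and ip in addrs(name)
    except OSError:  # no PTR record or lookup failure: treat as unverified
        return False

def triage(lines, suffix, ptr=dns_ptr, addrs=dns_addrs):
    """Map each client IP whose User-Agent claims `suffix` to a verdict."""
    out = {}
    for line in lines:
        hit = claimed_host(line)
        if hit and hit[1].endswith("." + suffix):
            out[hit[0]] = "verified" if claim_verified(hit[0], suffix, ptr, addrs) else "unverified"
    return out

# Constructed sample data (documentation IPs, hypothetical PTR names) so this runs offline.
UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) "
      "Chrome/46.0.2490.86 Safari/537.36 Scanning for research (researchscan.comsys.rwth-aachen.de)")
SAMPLE = [f'{ip} - - [11/May/2017:17:52:01 +0000] "GET /YesThisIsAReallyLongRequestURL HTTP/1.1" 403 1202 "-" "{UA}"'
          for ip in ("192.0.2.10", "198.51.100.7")]
FAKE_PTR = {"192.0.2.10": "scan1.comsys.rwth-aachen.de", "198.51.100.7": "host7.example.net"}
FAKE_A = {"scan1.comsys.rwth-aachen.de": {"192.0.2.10"}, "host7.example.net": {"198.51.100.7"}}

if __name__ == "__main__":
    print(triage(SAMPLE, "rwth-aachen.de", FAKE_PTR.__getitem__, FAKE_A.__getitem__))
```

Called without the `ptr` and `addrs` arguments, `triage` uses live DNS; an "unverified" result means the User-Agent claim alone should not be trusted for that client.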

