Nginx access log shows authenticated user "admin"

Posted by bearcat on Server Fault See other posts from Server Fault or by bearcat
Published on 2012-12-13T03:30:17Z Indexed on 2012/12/13 5:06 UTC
Read the original article Hit count: 427

Filed under:
|
|

I came across a line in my Nginx access log:

218.201.121.99 - admin [12/Dec/2012:18:33:18 +0800] "GET /manager/html HTTP/1.1" 444 0 "-" "-"

Let me stress that there is only 1 record with this IP.

Notice the authenticated user admin.

After some googling, I was able to find out only that this is authenticated user (http://wiki.nginx.org/HttpCoreModule#.24remote_user), which was authenticated by the Auth Basic Module (http://wiki.nginx.org/HttpAuthBasicModule).

However, nowhere in my site (configuration) do I use HTTP basic authentication.

What is going on? How did it get there? Was the user authenticated?

© Server Fault or respective owner

Related posts about nginx

Related posts about logging