Nginx access log shows authenticated user "admin"
Posted
by
bearcat
on Server Fault
See other posts from Server Fault
or by bearcat
Published on 2012-12-13T03:30:17Z
Indexed on
2012/12/13
5:06 UTC
Read the original article
Hit count: 427
I came across a line in my Nginx access log:
218.201.121.99 - admin [12/Dec/2012:18:33:18 +0800] "GET /manager/html HTTP/1.1" 444 0 "-" "-"
Let me stress that there is only 1 record with this IP.
Notice the authenticated user admin.
After some googling, I was able to find out only that this is authenticated user (http://wiki.nginx.org/HttpCoreModule#.24remote_user), which was authenticated by the Auth Basic Module (http://wiki.nginx.org/HttpAuthBasicModule).
However, nowhere in my site (configuration) do I use HTTP basic authentication.
What is going on? How did it get there? Was the user authenticated?
© Server Fault or respective owner