My Apache web server access log has numerous odd-looking entries like these, wherein the IP address is either blank or in some highly variable format which I do not understand. Internet searches produce Russian output; hex decoders can’t make sense of it. I don’t have any other resources! Can anyone here tell me what these coded IP addresses mean? (Yes, I do get mostly normal-looking IPv4 and the occasional IPv6 IPs too…I included one "normal-looking" entry at the end):
Hi @gibhenry! This is probably not the right forum for this question, as we specialize in Let's Encrypt issues rather than general Apache support. But, to not leave you lacking any information at all - I would check your Apache configs for LogFormat and CustomLog directives. You might have something odd going on there. Best luck!
I searched around out of curiosity and tried various ways of decoding it myself to no avail. All I primarily found were @gibhenry's own posts asking the same question elsewhere.
It is possible to send the output to a single log file from multiple vhosts.
So I would try to locate the vhost that is sending these logs and then show the LogFormat in use.
I believe we will find something in there that can explain this output.
That's a different thing, though…the hex is in the request, not the section for the IP from which it's received. I know mine is hex encoded, but decoding it doesn't make sense in the context of an IP address. Cheers//Gib Henry
Some are so much sorter than others - it has no rhyme or reason (that I can see).
I say memory corruption.
The location that stores the %h pointer now points to lalaland.