Understanding apache.error.log message?

March 7, 2018 839 views
Apache Logging Ubuntu 16.04
smeehan
By:
smeehan

Hi,

My apache.error.log is listing lots of messages.

I'd really like to:

  • understand what they mean
  • if I should be concerned
  • and what (if anything) I can do to fix them?

Here's some examples:

Example 1
What does AH01071: Got error 'Primary script unknown\n' mean? I guess the referer means this traffic came from a google search? Is that right?

[Wed Mar 07 10:25:13.091724 2018] [proxy_fcgi:error] [pid 23250:tid 139792931026688] [client 34.211.170.204:32229] AH01071: Got error 'Primary script unknown\n', referer: https://google.com

Example 2
Same as Example 1, but there's no referer. This error is mentioned again: AH01071: Got error 'Primary script unknown\n'

[Wed Mar 07 10:25:41.486181 2018] [proxy_fcgi:error] [pid 23251:tid 139793179039488] [client 106.161.134.188:32235] AH01071: Got error 'Primary script unknown\n'

Example 3
Same AH01071: Got error 'Primary script unknown\n' referer is http://d3creative.uk/wp-login.php. This looks like someone is trying to visit that page (that domain doesn't use WordPress).

[Wed Mar 07 10:45:26.724938 2018] [proxy_fcgi:error] [pid 23503:tid 139793162254080] [client 201.17.159.95:32443] AH01071: Got error 'Primary script unknown\n', referer: http://d3creative.uk/wp-login.php

Can these errors be fixed? If so, can anyone tell me how?

Thanks for reading
Stephen

2 Answers

Hi There,

From what I can find, it looks like there may be some configuration issues with Apache.
I would first start looking at any .htaccess files you may have.

Here is some relevant information:
http://www.coders.pro/2017/01/got-error-primary-script-unknown-update-php-fpm-apache-2-4/

Without knowing more about your setup and configuration, it's difficult to pin point.

As for the examples containing referer, thats obviously someone trying to visit yourself by following a link from the referring site. The google.com one makes sense, but the http://d3creative.uk/wp-login.php seems odd.

Again, without knowing more about your setup, it's hard to nail down. Perhaps you're running a Wordpress site yourself and someone is "testing the security".

Hi Adrian,

Thanks for taking the time to respond to my post.

I'll take a look at that post you recommended. I do have a .htaccess file. It'd be great to get to the bottom of this.

Thanks again!

Have another answer? Share your knowledge.