i have the following show up in my http logs constantly:


this is on a shared web server.

here are my problems:

1) i have no idea what wpad.dat means ... i know it's a web proxy protocol but i have no idea what that really means

2) i do not know what website this is really originating from since this server has 30+ websites hosted on it

3) the web hosting environment is new to me and i'm really trying to understand it all

is there a short, precise, and to the point answer and solution for this?

this web server is constantly generating nagios alerts for load average being high and i'm trying to figure out the root cause.

i think it's really an accumulation of little things like this that is contributing to the overall problem. i recently installed an ossec agent on this server to help fend off all the brute force attacks it's been receiving ... i have all the ip addresses for failed ssh/ftp attempts locked out for 72 hours and that seems to have helped with our alerts but i really would like to figure this wpad.dat issue out.

you didn't just stick "wpad.dat" into google? There's plenty of information about it, wikipedia is top with all the information you should need.

Ultimately, it's what IE will request from it's default domain's web server when set to "auto configure proxy" in internet options. So i guess someone what owns myawesomesite.com also uses that domain in their ... office?

if you had better apache logging set up, you'd be logging each virtualhost to its own log file so seeing what site it was should be trivial. You can easily watch a tcpdump or something to grab the request off the wire, however as this isn't urgent, just improve your apache logging in the first place so you have a nice way to find out which domain it is.

of course i searched google for it but i like coming here for a few reasons.

- the input here reinforces what i'm trying to grasp from the multitude of google results

- i get lost in that huge information forest to the point it gets frustrating

- the posts here on this forum are pretty much posts regarding someone's experience and exactly how they fixed the problem and not theorycrafting ...

- when i have questions regarding information, i get to ask for clarification and not going continue searching online for it


i do like the idea of setting up better logging. is that set up in each website's htaccess file?

don't think it can go in there, should only be in the virtualhost declaration in httpd.conf or any other directly included file.