My server management scripts daily monitor the sizes of access log files and report to me when they are too large. I do a LOT to keep them small. This is because fail2ban is constantly scanning them to block the IPs of intruders. For these reasons I notice when a lot of strange HTTP codes are being generated.
In this case:
- GET /apps/mail/api/messages/12345/itineraries => 403
- /apps/mail/api/messages?mailboxId=211&limit=1&cursor=1663380349 => 409
Returning these codes runs for me, using own Scripts for Fail2Ban monitoring Nginx logs, a high risk of my own users getting blocked, so this I see as in fact a real problem.
I am aware that these are virtual addresses and that try_files must therefore be sending them through index.php.
What are the features causing these attempted accesses and how can I turn them off?
Thanks! Tim