httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark A. Craig" <mark.a.cr...@gmail.com>
Subject Re: [users@httpd] Wacko Incoming URLs in Log File
Date Tue, 06 Nov 2007 08:53:32 GMT
Joshua, it seems you've also covered this ground :-) before:

> From  	"Joshua Slive" <jos...@slive.ca>
> Subject 	Re: [users@httpd] Deny CONNECT & GET http requests
> Date 	Tue, 19 Jun 2007 23:40:36 GMT
> 
> On 6/19/07, Bob <bob@a1poweruser.com> wrote:
> 
>> You are wrong
> 
> Really? Interesting.
> 
> Well, no actually, I'm not. But it's nice how confident you are about
> your knowledge on this issue.
> 
>>, my original post showed the CONNECT requests having a 200
>> status code which means apache did service them successfully
> 
> As I've told you repeatedly, php was almost certainly treating the
> CONNECT request just like a GET request. So the CONNECT was not
> succeeding in the sense of connecting to a third-party server. It was
> simply serving your index.php page.
> 
>> My book says a 500 code is a common error when a client calls a flawed
>> CGI script.
> 
> And this is not the "correct" status code. The correct status code is
> 403 (forbidden). But as I already said, the status code is not that
> important since the robots don't care. (And, in fact, the original 200
> status code wasn't really a problem either unless your index.php
> script uses up lots of resources. So you could have just left things
> as they were.)
> 
>> I have read the php manual concerning selecting individual
>> methods. I could not find any mention of how to tell php to limit it self to
>> only using desired methods.  A link to the php manual where it explains how
>> to restrict php to only allow the use of selected methods would go a long
>> way to support your view point. Providing a how to fix it post like I did is
>> far better then a reply spouting apache dogma. Results are what count here.
> 
> I'm not here to win a debate with you. I'm just here to try to help
> you understand how your server is working. For php configuration
> questions you are better off on a php list. But I have already given
> you explicit instructions: "I believe you
> can set http.allowed_methods in your php config to the list of methods
> php should handle. (GET and POST would be a good basic list.)" This is
> documented here:
> http://www.php.net/manual/en/ini.php
> 
> As I've also already told you, your current config should be fine. But
> don't go recommending it to others as the proper solution when there
> are many cleaner and safer solutions available (and listed in the
> FAQ).
> 
> Joshua.


-------- Original Message  --------
Subject: Re: [users@httpd] Wacko Incoming URLs in Log File
From: Joshua Slive <joshua@slive.ca>
To: users@httpd.apache.org
Date: Saturday, November 03, 2007 11:53:13 AM

> On Nov 3, 2007 12:40 PM, Roger Haase <haaserd@gmail.com> wrote:
>> About once a week or more often, I get some unusual entries in my apache log
>> file similar to these:
>>
>>
>> 159.148.97.91 - - [31/Oct/2007:23:44:31 -0700] "CONNECT 195.175.37.70:8080
>> HTTP/1.0" 302 102 "-" "-"
>> 159.148.97.91 - - [31/Oct/2007:23:44:32 -0700] "CONNECT 159.148.96.222:80
>> HTTP/1.0" 302 102 "-" "-"
>> 159.148.97.91 - - [31/Oct/2007:23:44:32 -0700] "GET
>> http://www.hi.lv:80/counter1.php HTTP/1.0" 404 284 "-" "-"
>> 159.148.97.91 - - [31/Oct/2007:23:44:33 -0700] "GET
>> http://www.hi.lv:80/counter1.php HTTP/1.0" 404 284 "-" "-"
>> I am in Arizona and the traffic seems to originate in Amsterdam.  The
>> www.hi.lv host apears to be in Latvia.  My IP address is no where near
>> 195.175.37.70 or 159.148.96.222.  On the other occasions, the urls are from
>> other equally strange locations and never seem to repeat.  On most
>> occasions, there is only one entry at a time.
>>
>> Is this misdirected internet junk that I should report to my ISP as their
>> problem or is this a hacker attempt?
> 
> See:
> http://wiki.apache.org/httpd/ProxyAbuse
> 
> Joshua.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message