httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeroen Geilman <jer...@adaptr.nl>
Subject Re: [users@httpd] suspicious proxy(?) URLs in logs
Date Sun, 13 Mar 2011 00:51:04 GMT
On 03/10/2011 02:16 PM, Rob De Langhe wrote:
> hi,
>
> while going occasionally through the access logs of a 2.2.17 Apache 
> server, I noticed some URLs of remote locations where my server would 
> have made a GET for ?!
>
> an example:
>
> 194.0.122.134 - - [10/Mar/2011:02:26:55 +0100] "GET 
> http://www.ebay.com/ HTTP/1.1" 200 240 "-" "Mozilla/4.0 (compatible; 
> MSIE 4.01; Windows 95)"
>
> So the status code = 200 indicates that the server allowed that URL 
> "http://www.ebay.com" <http://www.ebay.com>  for the client 
> 194.0.122.134 ...

And a Windows 95 client running IE4. Seriously.

>
> I suspected that proxy functionality (enabled by default for long, 

Incorrect. ProxyRequests has never been On by default in any apache 
version that supports it.

The documentation clearly states that this is a security risk:

http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyrequests


> but luckily in this 2.2.17 version it is not enabled by default in the 
> configs), so I checked the loaded modules :
>
> # /usr/apache2/bin/apachectl -t -D DUMP_MODULES | grep -i prox
> #
>
> so none.
>
> Which other module or config setting could have as effect that my 
> server accepts such requests ?

You need to provide more context - what distro is this ?
Did you install a package or compile it yourself ?
What does the error log say ?
What other modules are loaded ?


-- 
J.


Mime
View raw message