httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeroen Geilman <jer...@adaptr.nl>
Subject Re: [users@httpd] suspicious proxy(?) URLs in logs
Date Sun, 13 Mar 2011 12:06:37 GMT
On 03/13/2011 01:53 AM, Eric Covener wrote:
> On Thu, Mar 10, 2011 at 8:16 AM, Rob De Langhe
> <rob.de.langhe@twistfare.be>  wrote:
>    
>> hi,
>>
>> while going occasionally through the access logs of a 2.2.17 Apache server,
>> I noticed some URLs of remote locations where my server would have made a
>> GET for ?!
>>
>> an example:
>>
>> 194.0.122.134 - - [10/Mar/2011:02:26:55 +0100] "GET http://www.ebay.com/
>> HTTP/1.1" 200 240 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
>>
>> So the status code = 200 indicates that the server allowed that URL
>> "http://www.ebay.com"  for the client 194.0.122.134 ...
>>      
> This doesn't necessarily mean it was proxied.  Requests of this type
> will just be served from your default (first-listed) vhost for
> whatever iface it was received on.
>    
...and was received by an application that accepts wildcard requests.

Any existing (and non-matching) content will simply 404 it.

Whether or not the application that blindly accepted it will try to 
retrieve the URL is a legitimate concern, but it would mean he is 
already running very dubious software.



-- 
J.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message