Security Basics mailing list archives

Re: Strange Web Server Log Entries

From: Allan Wind <allan_wind () lifeintegrity com>
Date: Thu, 6 Dec 2007 18:53:20 -0500

On 2007-12-06T15:24:24-0600, Sean Malloy wrote:

What do these entries in my Apache logs mean?

65.117.101.194 - - [20/Nov/2007:09:25:39 -0600] "GET http://www.microsoft.com/ HTTP/1.0" 200 2770


It means the client is using your web server as a proxy, and appears 
to be succeeding for GETs (but not connect and post).  You would need to  
compare the output of said response with what you get from microsoft.com 
to confirm.  For instance:

telnet $host $port
GET http://www.microsoft.com/ HTTP/1.0

Your favorite search engine will probably present you with tools to do 
this for you in a browser if you ask it nicely.  A few problems with 
open proxies is that that client waste your resources, and if they 
attach a 3rd party then law enforcement would come and knock on your 
door rather than theirs (hopefully to start with).


/Allan

Current thread:

Strange Web Server Log Entries Sean Malloy (Dec 06)
- Re: Strange Web Server Log Entries Allan Wind (Dec 07)
- Message not available
  - Re: Strange Web Server Log Entries Sean Malloy (Dec 07)
- Re: Strange Web Server Log Entries Jason Muskat de VE3TSJ - GCFA, GCUX, CEI, CEH (Dec 07)
  - Re: Strange Web Server Log Entries Sean Malloy (Dec 07)
- Re: Strange Web Server Log Entries infolookup (Dec 07)
- Re: Strange Web Server Log Entries Sukbum Hong (Dec 07)
  - Re: Strange Web Server Log Entries Sean Malloy (Dec 07)
- Re: Strange Web Server Log Entries Zapotek (Dec 07)
  - Re: Strange Web Server Log Entries steve menard (Dec 07)
    - Re: Strange Web Server Log Entries Zapotek (Dec 07)
    - Re: Strange Web Server Log Entries steve menard (Dec 08)

(Thread continues...)