Bugtraq mailing list archives
Re: Hidden requests to Apache
From: Lorenzo Pulici <webmaster () weitzmann it>
Date: Thu, 25 Oct 2001 08:58:53 +0200
On Wed, Oct 24, 2001 at 09:09:59PM +0100, smiler wrote:
GET / HTTP/1.0 \r\r\n In this case APACHE will print in the log file the carriage return character. So when we try to tail the access_log file it will be shown in the screen as : " 414 3461.251 - - [24/Oct/2001:18:58:18 +0100] "GET / HTTP/1.0 A normal line would be : 127.0.0.1 - - [24/Oct/2001:19:00:32 +0100] "GET / HTTP/1.0" 200 164
I tested it locally on my Apache 1.3.22 and I got: bash-2.04$ telnet 192.168.2.1 80 Trying 192.168.2.1... Connected to 192.168.2.1. Escape character is '^]'. GET / HTTP/1.0 \r\r\n On access_log: 127.0.0.1 - - [25/Oct/2001:08:48:39 +0200] "GET / HTTP/1.0 \r\r\n" 400 368 -- Lorenzo Pulici - webmaster () weitzmann it http://www.weitzmann.it
Current thread:
- Hidden requests to Apache smiler (Oct 24)
- Re: Hidden requests to Apache Rasmus Bøg Hansen (Oct 25)
- Re: Hidden requests to Apache Bob Niederman (Oct 25)
- Re: Hidden requests to Apache Lorenzo Pulici (Oct 25)
- Re: Hidden requests to Apache Jurjen Oskam (Oct 25)
- Re: Hidden requests to Apache Rasmus Bøg Hansen (Oct 25)