Security Incidents mailing list archives

Re: AOL "proxy" behavior?


From: Jeff Jirsa <jeff () unixconsults com>
Date: Mon, 19 Aug 2002 14:08:30 -0700 (PDT)

On Mon, 19 Aug 2002, Michael B. Morell wrote:

> The netblock is owned by AOL (195.73.x.x/16).  I received about 20-30
> requests (albeit valid requests) from what looked like 20 sequential hosts
> from within that block.  Further inspection of the logs though showed that
> it was from really 1 session (validated thru aspsession identifier).
>
> So my question is, does anyone know whether or not this is some sort of
> valid AOL proxy behavior where a request for a single page can go thru
> multiple proxies?  Spawning multiple proxies to request information that
> generally only 1 proxy would get.  (i.e., a request for a web page resulted in
> 3 different hosts getting different parts of the page, all off of the same
> aspsession id)


Completely normal. From one of the sites I administer (in standard Apache
combined format):

cache-rc02.proxy.aol.com - - [17/Aug/2002:21:03:27 -0700] "GET / HTTP/1.0"
cache-rc01.proxy.aol.com - - [17/Aug/2002:21:03:34 -0700] "GET /file1.jpg HTTP/1.0"
cache-rg04.proxy.aol.com - - [17/Aug/2002:21:03:34 -0700] "GET /file2.jpg HTTP/1.0"
cache-rg03.proxy.aol.com - - [17/Aug/2002:21:03:34 -0700] "GET /file3.jpg HTTP/1.0"
cache-rm04.proxy.aol.com - - [17/Aug/2002:21:03:35 -0700] "GET /file4.jpg HTTP/1.0"
cache-rm05.proxy.aol.com - - [17/Aug/2002:21:03:36 -0700] "GET /menu2.swf HTTP/1.0"
cache-rc08.proxy.aol.com - - [17/Aug/2002:21:03:46 -0700] "GET /file6.jpg HTTP/1.0"

I've trimmed the referrer and useragent fields, but they seem to be valid
as well.

- Jeff Jirsa

-- 

Jeff Jirsa
jeff () unixconsults com

-- 


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
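
Added example (not part of the original messages): one way to run the check discussed in this thread, grouping requests by session identifier and separating sessions spread across one proxy farm from sessions shared by unrelated hosts. The trailing "sid=" log field, the sample lines, the example.net/example.org hosts and the function names are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines: the thread's host/timestamp/request layout plus an
# assumed trailing "sid=" field carrying the session identifier.
SAMPLE_LOG = '''\
cache-rc02.proxy.aol.com - - [17/Aug/2002:21:03:27 -0700] "GET / HTTP/1.0" sid=AAA111
cache-rc01.proxy.aol.com - - [17/Aug/2002:21:03:34 -0700] "GET /file1.jpg HTTP/1.0" sid=AAA111
cache-rg04.proxy.aol.com - - [17/Aug/2002:21:03:34 -0700] "GET /file2.jpg HTTP/1.0" sid=AAA111
host1.example.net - - [17/Aug/2002:21:04:02 -0700] "GET / HTTP/1.0" sid=BBB222
host1.example.net - - [17/Aug/2002:21:04:03 -0700] "GET /file1.jpg HTTP/1.0" sid=BBB222
cache-rm04.proxy.aol.com - - [17/Aug/2002:21:05:10 -0700] "GET / HTTP/1.0" sid=CCC333
host9.example.org - - [17/Aug/2002:21:05:40 -0700] "GET /file4.jpg HTTP/1.0" sid=CCC333
'''

LINE_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" sid=(?P<sid>\S+)$')

def hosts_by_session(log_text):
    """Map each session identifier to the set of client hosts that used it."""
    sessions = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip lines that do not carry a session field
            sessions[m.group("sid")].add(m.group("host").lower())
    return sessions

def classify(hosts, farm_suffix=".proxy.aol.com"):
    """Label one session by where its requests came from."""
    if len(hosts) == 1:
        return "single-host"
    if all(h.endswith(farm_suffix) for h in hosts):
        return "proxy-farm"      # the benign pattern described in the thread
    return "mixed-origin"        # same session from unrelated hosts: review

def classify_sessions(log_text, farm_suffix=".proxy.aol.com"):
    """Return {session id: label} for every session seen in the log text."""
    return {sid: classify(h, farm_suffix)
            for sid, h in hosts_by_session(log_text).items()}

if __name__ == "__main__":
    for sid, label in sorted(classify_sessions(SAMPLE_LOG).items()):
        print(sid, label)
```

Hostnames in an access log come from reverse DNS, which is set by whoever controls the address space, so confirm a "proxy-farm" result with a forward lookup or by matching the client address against the provider's netblock.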

