Re: Strange CONNECT entries in apache logs

[Christine Kronberg <Christine_Kronberg () genua de>]

On Wed, 11 Jun 2003, Thomas Jensen wrote:
> Rajkumar S wrote:
> > Hi,
> >
> > While going through my apache logs, I found some logs indicating CONNECT
> > requests to port 25 of other hosts.
> >
> > 213.130.24.192 [06/Jun/2003:08:44:58 +0530] "CONNECT 194.67.23.20:25
> > HTTP/1.1" 302 5 "-" "-"
> > 130.94.247.248 [06/Jun/2003:10:26:17 +0530] "CONNECT 207.44.188.67:25
> > HTTP/1.0" 200 14409 "-" "-"
> > 130.94.247.248 [06/Jun/2003:09:56:21 +0530] "CONNECT smtp.rol.ru:25
> > HTTP/1.0" 200 17757 "-" "-"
>
> I just looked in my logs and found the same (CONNECT with a 200 code).
> However it might not be the problem it seems to be. I tried connecting
> with telnet and execute a CONNECT command - the result was a 200 code
> and the output of my own /index.php page.

  I see the same, when people try to use my apache as proxy. But
  my index page has always the same size (I do not alter each day :-) ).
  The entries above show a big difference in the transferred bytes.

> I have found several references to this being a PHP4 bug, which can
> happen when you have an index.php file and a DirectoryIndex index.php
> directive in you Apache conf.

  As I don't have php, do you also see a hop in the transferred bytes?
  Or is that stable?

  Cheers,


                                                      Chris Kronberg.

-- 
GeNUA mbH



----------------------------------------------------------------------------
----------------------------------------------------------------------------