Security Incidents mailing list archives

Re: Strange CONNECT entries in apache logs


From: Thomas Jensen <securityfocus () obscure dk>
Date: Thu, 12 Jun 2003 23:09:18 +0200

Mike Blomgren wrote:
Comments below.


-----Original Message-----
From: Thomas Jensen [mailto:securityfocus () obscure dk]
Sent: 11 June 2003 09:53
To: incidents () securityfocus com
Subject: Re: Strange CONNECT entries in apache logs


I just looked in my logs and found the same (CONNECT with a 200 code). However it might not be the problem it seems to be. I tried connecting with telnet and executing a CONNECT command - the result was a 200 code and the output of my own /index.php page. I have found several references to this being a PHP4 bug, which can happen when you have an index.php file and a DirectoryIndex index.php directive in your Apache conf.

This behaviour can occur if there is a 'redirect' from a non-existent
file, to an errorpage. The webserver should return a 404 status, since
the request was made to a non-existing page, but the actual 'error page'
exists and thus returns 200 status. A very common problem on IIS servers
- however seemingly not the case here. The issue is nonetheless
important to resolve for several reasons: 1) Not falsely attract scum
such as proxy and spam-relayers, 2) Update indexes of search engines.

Hmm, personally I don't mind that a few scumbag spammers think that they can spam thru my server - as long as they can't ;-)
A matter of taste I guess.

Regarding (2), I don't think a search engine would try a CONNECT request.

For anyone interested in testing their own servers, I use these few lines of python code:

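import socket

# Send a CONNECT request for a non-existent host and print the raw reply
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('localhost', 80))
s.send(b'CONNECT www.nonexistant.abc:80 HTTP/1.0\r\n\r\n')
print(s.recv(10240).decode('latin-1'))
s.close()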

Replace 'localhost' as appropriate for your configuration.

Best regards
Thomas Jensen
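
Building on the probe in the message above, an added example (not part of the original post) that classifies the reply, so a 200 that merely serves a page can be told apart from a reply that looks like an established tunnel. The function names, the sample replies and the header heuristic are assumptions of this example.

```python
import socket
import sys

ENTITY_HEADERS = {b"content-type", b"content-length", b"transfer-encoding"}

# Constructed sample replies (written for this example, not captured from a server)
SAMPLE_PAGE = (b"HTTP/1.1 200 OK\r\nServer: Apache\r\n"
               b"Content-Type: text/html\r\n\r\n<html>index.php output</html>")
SAMPLE_TUNNEL = b"HTTP/1.0 200 Connection established\r\n\r\n"
SAMPLE_DENIED = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD, POST\r\n\r\n"


def probe_connect(host, port=80, target="www.nonexistant.abc:80", timeout=5.0):
    """Send the thread's CONNECT probe to a server you run; return the raw reply."""
    reply = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(f"CONNECT {target} HTTP/1.0\r\n\r\n".encode("ascii"))
        try:
            while len(reply) < 10240:
                data = s.recv(4096)
                if not data:
                    break
                reply += data
        except socket.timeout:
            pass  # a tunnel stays open and silent; keep what arrived so far
    return reply


def classify_connect_reply(raw):
    """Return 'malformed', 'refused', 'page-served' or 'possible-tunnel'."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return "malformed"
    if not 200 <= int(parts[1]) < 300:
        return "refused"
    names = {l.split(b":", 1)[0].strip().lower() for l in lines[1:] if b":" in l}
    # Heuristic (assumption of this example): entity headers on a 2xx mean the
    # server answered with a document, as with the index.php case, not a tunnel.
    if names & ENTITY_HEADERS:
        return "page-served"
    return "possible-tunnel"


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(host, classify_connect_reply(probe_connect(host)))
```

A "possible-tunnel" result is a prompt to check the server's proxy configuration, not proof of an open proxy.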

