2010/10/27 Igor GaliÄ <i.galic@xxxxxxxxxxxxxx>: > > ----- "lists httpd-user" <lists.httpd-user@xxxxxxxxxxx> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hello, >> >> Regularly I see entries in the error log like: >> "GET http://98.126.64.106/judge123.php HTTP/1.1" 404 >> with varying IP address and varying file name. >> I am not very worried, because the 404 means they don't get >> anything. >> But I'd like to know what exactly they are trying to do (and why do >> it via my system)? >> Thanks for any clarifying thoughts. > > Somebody is using your server as open proxy, and successfully so. > Even though you see 404s, that doesn't mean it's being rejected. > A 403 would mean it is being rejected. > See: http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyrequests > It's off by default, and for good. It's hard to tell based on the access log entry along if "jude123.php" was 404 on the IP address specified in the absolute URL (via proxy) or was mapped to your default vhost and attempted to be served locally (where it would 404 based on the unusual filename). The latter is pretty common even when ProxyRequests is off. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|