suspicious proxy(?) URLs in logs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: suspicious proxy(?) URLs in logs
From: Rob De Langhe <rob.de.langhe@xxxxxxxxxxxx>
Date: Thu, 10 Mar 2011 14:16:01 +0100
Reply-to: users@xxxxxxxxxxxxxxxx
User-agent: Internet Messaging Program (IMP) H3 (4.3.8)

hi,

while going occasionally through the access logs of a 2.2.17 Apache server, I noticed some URLs of remote locations where my server would have made a GET for ?!

an example:

194.0.122.134 - - [10/Mar/2011:02:26:55 +0100] "GET http://www.ebay.com/ HTTP/1.1" 200 240 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"

So the status code = 200 indicates that the server allowed that URL "http://www.ebay.com" for the client 194.0.122.134 ...

I suspected that proxy functionality (enabled by default for long, but luckily in this 2.2.17 version it is not enabled by default in the configs), so I checked the loaded modules :

# /usr/apache2/bin/apachectl -t -D DUMP_MODULES | grep -i prox
#

so none.

Which other module or config setting could have as effect that my server accepts such requests ?

rgds
Rob

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Follow-Ups:
- Re: suspicious proxy(?) URLs in logs
  - From: Rob De Langhe
- Re: suspicious proxy(?) URLs in logs
  - From: Eric Covener
- Re: suspicious proxy(?) URLs in logs
  - From: Jeroen Geilman

Prev by Date: RE: Question about mod_dav in Apache2(Centos)
Next by Date: RE: Question about mod_dav in Apache2(Centos)
Previous by thread: Question about mod_dav in Apache2(Centos)
Next by thread: Re: suspicious proxy(?) URLs in logs
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]