On 03/13/2011 01:53 AM, Eric Covener wrote:
On Thu, Mar 10, 2011 at 8:16 AM, Rob De Langhe <rob.de.langhe@xxxxxxxxxxxx> wrote:hi, while going occasionally through the access logs of a 2.2.17 Apache server, I noticed some URLs of remote locations where my server would have made a GET for ?! an example: 194.0.122.134 - - [10/Mar/2011:02:26:55 +0100] "GET http://www.ebay.com/ HTTP/1.1" 200 240 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)" So the status code = 200 indicates that the server allowed that URL "http://www.ebay.com"; for the client 194.0.122.134 ...This doesn't necessarily mean it was proxied. Requests of this type will just be served from your default (first-listed) vhost for whatever iface it was received on.
...and was received by an application that accepts wildcard requests. Any existing (and non-matching) content will simply 404 it.Whether or not the application that blindly accepted it will try to retrieve the URL is a legitimate concern, but it would mean he is already running very dubious software.
-- J. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|