RE: Weird log entries...
From: Cushing, David (David.Cushing@hitachisoftware.com)Date: 03/28/02
- Previous message: Florian Weimer: "Re: Weird log entries..."
- Maybe in reply to: Josh Diakun: "Weird log entries..."
- Next in thread: Michael Ward: "RE: Weird log entries..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 28 Mar 2002 09:25:13 -0500 From: "Cushing, David" <David.Cushing@hitachisoftware.com> To: "Josh Diakun" <joshd@superaje.com>, "Incidents" <INCIDENTS@SECURITYFOCUS.COM>
Josh,
It's not a bug, it's a feature. The connect command is used to do what
you guessed: create a tunnel to another location.
http://www.ietf.org/rfc/rfc2817.txt
5.2 Requesting a Tunnel with CONNECT
A CONNECT method requests that a proxy establish a tunnel connection
on its behalf. The Request-URI portion of the Request-Line is always
an 'authority' as defined by URI Generic Syntax [2], which is to say
the host name and port number destination of the requested connection
separated by a colon:
CONNECT server.example.com:80 HTTP/1.1
Host: server.example.com:80
Obviously, if you have a program that supports this feature, it should
be locked down!
-David
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Florian Weimer: "Re: Weird log entries..."
- Maybe in reply to: Josh Diakun: "Weird log entries..."
- Next in thread: Michael Ward: "RE: Weird log entries..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
