Re: how to explain these logs?

From: R Pradeep Chandran (see@sig.below)
Date: 02/06/02 

From: see@sig.below (R Pradeep Chandran)
Date: Wed, 06 Feb 2002 07:45:12 GMT

On Tue, 5 Feb 2002 18:24:22 +0000 (UTC), in comp.os.linux.security,
RainbowHat wrote:
:< chris
:8<
:>I'm running RH72 with firewall.
:>
:>Also, in some place of the log file, I see these 2 lines where the
:>URLs after "GET" are nothing to do with my URL/web server. How could
:>this happen? Is it some one isusing my machine to access other web
:>site?
:>
:>Can some one explain this a little bit to me, or point me to a place
:>for more details? Thanks a lot!
:>
:>210.21.30.169 - - [04/Feb/2002:00:29:37 -0800] "GET
:>http://www.sina.com.cn/ HTTP/1.1" 200 692 "-" "Mozilla/4.0
:>(compatible; MSIE 4.01; Windows 95)"
:
:Someone who oriented privacy at 210.21.30.169 searched proxy server.
:And your server responded code 200. This mean your httpd server allow
:proxy request. You served proxy volunteer. This is not so bad. Depend
:on your volunteer policy.

Hmm. I just tried the following request on an RH7.1 with Apache 1.3.19
GET http://www.yahoo.com/ HTTP/1.0

I got a 200 response, but the body is the same as 'GET /' on localhost
(start page). I have disabled the proxy in Apache. Now, if you try to
use this machine (port 80) as a proxy server, you can happily browse the
site hosted on this machine irrespective of the hostname in the request
as long as the rest of the URL is valid for the site.

For example, with a request like,
GET http://www.yahoo.com/foo/bar/
Apache will consider only /foo/bar/

I do not know whether this behaviour is standards compliant or not.

Have a nice day,
Pradeep

Relevant Pages

  • [TOOL] Blowchunks - Protecting Existing Apache Servers Until Upgrades Arrive
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... a known vulnerable apache server until they can ... on HTTP "request" messages. ... Attached are a two versions of code to allow the server to intercept each ...
    (Securiteam)
  • [UNIX] Apache HTTP Server 413 Error Page XSS
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Apache HTTP Server 413 Error Page XSS ... Apache 2.X returns a '413 Request Entity Too Large' error, ...
    (Securiteam)
  • Re: Making a socket connection via a proxy server
    ... > It looks like the Tiny HTTP Proxy (using BaseHTTPServer as it's ... between client and server. ... When sending a HTTP GET request to a server, ...
    (comp.lang.python)
  • Re: writing a proxy ..
    ... the browser but I get a BAD REQUEST. ... I dont quite understand your code, To clear things up, is this code for an http proxy? ... if so why does the request originate with the proxy and where does your browser come into it. ... Can you explain the architecture of this thing, I usually expect there to be a Client talking to a Proxy which relays the request to a Server. ...
    (comp.lang.java.programmer)
  • Re: My web server is being redirected (more info)
    ... >> I host my friends site on my home server. ... >> It appears that Apache2 is redirecting the request to the loopback ... # We now support multiple apache configurations on the same server. ... # Format: Redirect old-URI new-URL ...
    (comp.os.linux.networking)