[Gllug] Strange proxy request in Apache logs
Dean Wilson
dean.wilson3 at virgin.net
Sun Mar 14 12:39:29 UTC 2004
Richard Jones wrote:
> Is this entry some sort of proxy request which indicates the server is
> misconfigured?
> 64.222.44.140 - - [14/Mar/2004:11:34:41 +0000] "GET
> http://www.yahoo.com/ HTTP/1.1" 200 3790 "-" "Mozilla/4.0
> (compatible; MSIE 4.01; Windows 95)" 64.222.44.140.238051079264081228
At a first glance i'd say yes, it looks like you can use this proxy as an
anonymous relay.
The "GET http://www.yahoo.com" bit tries to access the remote site through
your server (and looks like it worked), if it works then its your servers
IP that shows up in the remote logs, not the clients.
You can also use this trick with "connect" requests to talk to ports on
machines you wouldn't normally be able to access but the webserver can.
Such as a database server.
Dean
--
Dean Wilson http://www.unixdaemon.net
Profanity is the one language all programmers understand
--- Anon
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list