[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apache log entry

At 10:08 2001-10-09 +1000, brendan hack wrote:
Hi All,

I found a strange entry hidden among all the IIS exploit attempts in my apache access log today: - - [07/Oct/2001:21:28:44 +1000] "GET HTTP/1.0" 200 756

Does anyone know if this is some sort of attack attempt? It doesn't seem to make any sense as a log entry as there is no leading '/' on the url portion and there is no corresponding error log entry saying that the file '' couldn't be found. I also find the fact that the client IP and the url are the same suspicious. I tried retrieving the same file myself using mozilla (http://webserver/ and it created a similar access entry but with a '/' at the start of the url and there was an error log entry generated. There was a peak in traffic from the server the day after this log entry which instigated the check. Any suggestions will be appreciated.

This may be an attack, or a scan for open HTTP proxies.
The log line it self is a request for your server to act as a proxy, connecting to the URL shown in the logs. Apache will ignore the 'protocol://host:port' portion of the URL if it is not set up to do proxing.

just being paranoid

Paranoid is good.

Reply to: