You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Daniel Lopez <da...@rawbyte.com> on 2002/06/03 18:30:47 UTC
Re: Entries in access log ?
You can safely ignore them as described in the FAQ:
http://httpd.apache.org/docs/misc/FAQ.html#codered
On Mon, Jun 03, 2002 at 06:32:42PM +0200, Anders Jarnberg wrote:
> Newbie question, but I didn't find anything in the FAQ...
>
> I get the following lines in my access log (nonwrapped samples):
> ---
> 212.242.117.99 - - [29/May/2002:00:33:16 +0200] "GET http://www.sina.com/ HTTP/1.1" 200 266 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
> 217.228.203.68 - - [29/May/2002:07:25:54 +0200] "GET http://www.ebay.com/ HTTP/1.1" 200 266 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
> 130.34.83.83 - - [29/May/2002:09:21:28 +0200] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 747 "-" "-"
> ---
>
> Why would a request to my Apache 2.0.36 for www.ebay.com generate a 200 in
> response ? Isn't 200 "success" return code ? Is somebody using my Apache for proxy ?
>
> As you can see, I'm all new at this :-)
>
> Thank in advance for any hints/links...
>
>
> --
> Anders Jarnberg in
> Stockholm, Sweden
> running SuSe 8.0
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Entries in access log ?
Posted by Anders Jarnberg <li...@bredband.net>.
On Monday 03 June 2002 18.30, Daniel Lopez wrote:
> You can safely ignore them as described in the FAQ:
>
> http://httpd.apache.org/docs/misc/FAQ.html#codered
>
> On Mon, Jun 03, 2002 at 06:32:42PM +0200, Anders Jarnberg wrote:
> > Newbie question, but I didn't find anything in the FAQ...
> >
> > I get the following lines in my access log (nonwrapped samples):
> > ---
> > 212.242.117.99 - - [29/May/2002:00:33:16 +0200] "GET http://www.sina.com/
> > HTTP/1.1" 200 266 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
> > 217.228.203.68 - - [29/May/2002:07:25:54 +0200] "GET http://www.ebay.com/
> > HTTP/1.1" 200 266 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
> > 130.34.83.83 - - [29/May/2002:09:21:28 +0200] "GET
> > /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 747 "-" "-"
> > ---
> >
> > Why would a request to my Apache 2.0.36 for www.ebay.com generate a 200
> > in response ? Isn't 200 "success" return code ? Is somebody using my
> > Apache for proxy ?
Yes, I understand, but I cannot find an explanation for the ebay.com reference
and return code 200 in that URL ? They do not seem to be coming from the same
place or the same timestamp... I know about code red and nimda, and get a lot of that
traffic, but I thought this was different ?
--
Anders Jarnberg in
Stockholm, Sweden
running SuSe 8.0
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Entries in access log ?
Posted by Jack Nerad <jn...@cimedia.com>.
On Monday 03 June 2002 12:30, you wrote:
> You can safely ignore them as described in the FAQ:
>
> http://httpd.apache.org/docs/misc/FAQ.html#codered
>
> On Mon, Jun 03, 2002 at 06:32:42PM +0200, Anders Jarnberg wrote:
> > Newbie question, but I didn't find anything in the FAQ...
> >
> > I get the following lines in my access log (nonwrapped samples):
> > ---
> > 212.242.117.99 - - [29/May/2002:00:33:16 +0200] "GET
> > http://www.sina.com/ HTTP/1.1" 200 266 "-" "Mozilla/4.0
> > (compatible; MSIE 4.01; Windows 95)" 217.228.203.68 - -
> > [29/May/2002:07:25:54 +0200] "GET http://www.ebay.com/ HTTP/1.1"
> > 200 266 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
> > 130.34.83.83 - - [29/May/2002:09:21:28 +0200] "GET
> > /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 747 "-"
> > "-" ---
> >
> > Why would a request to my Apache 2.0.36 for www.ebay.com generate a
> > 200 in response ? Isn't 200 "success" return code ? Is somebody
> > using my Apache for proxy ?
> >
> > As you can see, I'm all new at this :-)
> >
> > Thank in advance for any hints/links...
> >
> >
> > --
> > Anders Jarnberg in
> > Stockholm, Sweden
> > running SuSe 8.0
> >
http://httpd.apache.org/mail/users/200201.gz
Search for digging4roots.com in the page text.
also search for Proxy (was Re: Interpreting Log Information:
Joshua Slive already answered this question back in January, 2002.
--
Jack Nerad
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Entries in access log ?
Posted by Anders Jarnberg <li...@bredband.net>.
On Monday 03 June 2002 19.26, Joshua Slive wrote:
> On Mon, 3 Jun 2002, Daniel Lopez wrote:
Just wanted to say thanks to Daniel, Jack & Joshua. It was indeed
the same issue, and 266 is the current size of my homepage.
I'll try to search the mailing list archive next time.
--
Anders Jarnberg in
Stockholm, Sweden
running SuSe 8.0
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Entries in access log ?
Posted by Joshua Slive <jo...@slive.ca>.
On Mon, 3 Jun 2002, Daniel Lopez wrote:
> Yes, it is possible somebdy is using your apache server as a proxy.
> Check to see if you have mod_proxy enabled in your configuraiton file
> (loaded or compiled in and ProxyREquests on)
> The easiest way to check it out is to connect yourself, using telnet
> issue that request, and see if you get Ebay pages in return
Yes. As someone else pointed out, this question gets asked and answered
about once a month. Even easier than the telnet technique is to check the
file-size returned in the request (266 bytes in this case). If that is
the file size of your home page, then you are most likely safe.
This probably deserves a FAQ entry. Anyone care to write one up?
Joshua.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Entries in access log ?
Posted by Daniel Lopez <da...@rawbyte.com>.
Oops, didn't read the question, just read the last line and thought it was
another code red question :)
Yes, it is possible somebdy is using your apache server as a proxy.
Check to see if you have mod_proxy enabled in your configuraiton file
(loaded or compiled in and ProxyREquests on)
The easiest way to check it out is to connect yourself, using telnet
issue that request, and see if you get Ebay pages in return
> You can safely ignore them as described in the FAQ:
>
> http://httpd.apache.org/docs/misc/FAQ.html#codered
>
> On Mon, Jun 03, 2002 at 06:32:42PM +0200, Anders Jarnberg wrote:
> > Newbie question, but I didn't find anything in the FAQ...
> >
> > I get the following lines in my access log (nonwrapped samples):
> > ---
> > 212.242.117.99 - - [29/May/2002:00:33:16 +0200] "GET http://www.sina.com/ HTTP/1.1" 200 266 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
> > 217.228.203.68 - - [29/May/2002:07:25:54 +0200] "GET http://www.ebay.com/ HTTP/1.1" 200 266 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
> > 130.34.83.83 - - [29/May/2002:09:21:28 +0200] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 747 "-" "-"
> > ---
> >
> > Why would a request to my Apache 2.0.36 for www.ebay.com generate a 200 in
> > response ? Isn't 200 "success" return code ? Is somebody using my Apache for proxy ?
> >
> > As you can see, I'm all new at this :-)
> >
> > Thank in advance for any hints/links...
> >
> >
> > --
> > Anders Jarnberg in
> > Stockholm, Sweden
> > running SuSe 8.0
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org