You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Bing Du <bd...@iastate.edu> on 2006/08/30 16:29:51 UTC

[users@httpd] unknow sites found in access_log?

Hi,

Apache 2.0.52 on RHEL 4.

Can anybody shed some light on why our access_log has the following
messages?    Is the server being used as proxy or something by somebody
else?  Thanks in advance.

222.185.24.17 - - [30/Aug/2006:08:37:57 -0500] "GET
http://ad.zanox.com/ppv/?4021489C329206511 HTTP/1.0" 200 889
"http://www.gamestart.info" "Mozilla/4.0 (compatible; MSIE 5.02; Windows
98)"
222.185.24.17 - - [30/Aug/2006:08:38:03 -0500] "GET
http://ad.zanox.com/ppv/?3467595C1541548350 HTTP/1.0" 200 889
"http://www.interstfree.com" "Mozilla/4.5 [en] (Win98; I)"

Bing

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] unknow sites found in access_log?

Posted by Joshua Slive <jo...@slive.ca>.

On 8/30/06, Bing Du <bd...@iastate.edu> wrote:
> That's not a good sign.  No, there is no 'ppv' on our server.  'grep -i
> proxy httpd.conf' returns:
>
> ==
> LoadModule proxy_module modules/mod_proxy.so
> LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
> LoadModule proxy_http_module modules/mod_proxy_http.so
> LoadModule proxy_connect_module modules/mod_proxy_connect.so
> # Proxy Server directives. Uncomment the following lines to
> # enable the proxy server:
> #<IfModule mod_proxy.c>
> #ProxyRequests On
> #<Proxy *>
> #</Proxy>
> #ProxyVia On
> #   CacheRoot "/var/cache/mod_proxy"
> # End of proxy directives.
> ==
>
> Is the above configuration sufficient to say the web server is _not_
> proxying?   If yes, then what config can cause the server to return the
> success code to non-existant files?  I was told we have an Apache proxy
> server running on the private network which is not connected to the
> Internet.  Could that even be related?  I'm going to dig more.

I would start by removing the LoadModule proxy_... lines.  You don't
need those if you aren't using mod_proxy.

What you should do is test the server yourself by pointing your
browser's proxy setting at it and see if you can access other sites.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] unknow sites found in access_log?

Posted by Bing Du <bd...@iastate.edu>.

> The part after the ? is the query string, not the filename.  Do you
> have a directory "ppv" on your server?  If so, this might be normal.
> If not, you are either proxying requests or you are returning 200
> (success) status codes for requests to non-existant files.  Either
> way, you have a problem.
>

That's not a good sign.  No, there is no 'ppv' on our server.  'grep -i
proxy httpd.conf' returns:

==
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#<IfModule mod_proxy.c>
#ProxyRequests On
#<Proxy *>
#</Proxy>
#ProxyVia On
#   CacheRoot "/var/cache/mod_proxy"
# End of proxy directives.
==

Is the above configuration sufficient to say the web server is _not_
proxying?   If yes, then what config can cause the server to return the
success code to non-existant files?  I was told we have an Apache proxy
server running on the private network which is not connected to the
Internet.  Could that even be related?  I'm going to dig more.

Bing

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] unknow sites found in access_log?

Posted by Joshua Slive <jo...@slive.ca>.

On 8/30/06, Bing Du <bd...@iastate.edu> wrote:
> >> See:
> >> http://httpd.apache.org/docs/1.3/misc/FAQ.html#proxyscan
> >>
> >> Joshua.
> >
> > Aha!  Just looking at the question itself already makes me feel like
> > finding out a long lost friend.  I'm reading the answer now.  Thanks a
> > lot!
> >
>
> I'm now confused by what the pointer says:
>
> 'Therefore you can compare the size of the file (1456 in the above
> example) to the size of the corresponding file in your default server. If
> they are the same, then the proxy attempt failed, since a document from
> your server was delivered, not a document from www.yahoo.com.'
>
> In our situation, proxy is not on.  There are no corresponding files
> (4021489C329206511 and 3467595C1541548350) on our web server for the
> following requests.  So the following attempts actually succeeded??
>
> ==
> 222.185.24.17 - - [30/Aug/2006:08:37:57 -0500] "GET
> http://ad.zanox.com/ppv/?4021489C329206511 HTTP/1.0" 200 889
> "http://www.gamestart.info" "Mozilla/4.0 (compatible; MSIE 5.02; Windows
> 98)"
>
> 222.185.24.17 - - [30/Aug/2006:08:38:03 -0500] "GET
> http://ad.zanox.com/ppv/?3467595C1541548350 HTTP/1.0" 200 889
> "http://www.interstfree.com" "Mozilla/4.5 [en] (Win98; I)"

The part after the ? is the query string, not the filename.  Do you
have a directory "ppv" on your server?  If so, this might be normal.
If not, you are either proxying requests or you are returning 200
(success) status codes for requests to non-existant files.  Either
way, you have a problem.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] unknow sites found in access_log?

Posted by Bing Du <bd...@iastate.edu>.

>> See:
>> http://httpd.apache.org/docs/1.3/misc/FAQ.html#proxyscan
>>
>> Joshua.
>
> Aha!  Just looking at the question itself already makes me feel like
> finding out a long lost friend.  I'm reading the answer now.  Thanks a
> lot!
>

I'm now confused by what the pointer says:

'Therefore you can compare the size of the file (1456 in the above
example) to the size of the corresponding file in your default server. If
they are the same, then the proxy attempt failed, since a document from
your server was delivered, not a document from www.yahoo.com.'

In our situation, proxy is not on.  There are no corresponding files
(4021489C329206511 and 3467595C1541548350) on our web server for the
following requests.  So the following attempts actually succeeded??

==
222.185.24.17 - - [30/Aug/2006:08:37:57 -0500] "GET
http://ad.zanox.com/ppv/?4021489C329206511 HTTP/1.0" 200 889
"http://www.gamestart.info" "Mozilla/4.0 (compatible; MSIE 5.02; Windows
98)"

222.185.24.17 - - [30/Aug/2006:08:38:03 -0500] "GET
http://ad.zanox.com/ppv/?3467595C1541548350 HTTP/1.0" 200 889
"http://www.interstfree.com" "Mozilla/4.5 [en] (Win98; I)"
==

Bing

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] unknow sites found in access_log?

Posted by Bing Du <bd...@iastate.edu>.

> See:
> http://httpd.apache.org/docs/1.3/misc/FAQ.html#proxyscan
>
> Joshua.

Aha!  Just looking at the question itself already makes me feel like
finding out a long lost friend.  I'm reading the answer now.  Thanks a
lot!

Bing

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] unknow sites found in access_log?

Posted by Joshua Slive <jo...@slive.ca>.

On 8/30/06, Bing Du <bd...@iastate.edu> wrote:
> Hi,
>
> Apache 2.0.52 on RHEL 4.
>
> Can anybody shed some light on why our access_log has the following
> messages?    Is the server being used as proxy or something by somebody
> else?  Thanks in advance.
>
> 222.185.24.17 - - [30/Aug/2006:08:37:57 -0500] "GET
> http://ad.zanox.com/ppv/?4021489C329206511 HTTP/1.0" 200 889
> "http://www.gamestart.info" "Mozilla/4.0 (compatible; MSIE 5.02; Windows
> 98)"
> 222.185.24.17 - - [30/Aug/2006:08:38:03 -0500] "GET
> http://ad.zanox.com/ppv/?3467595C1541548350 HTTP/1.0" 200 889
> "http://www.interstfree.com" "Mozilla/4.5 [en] (Win98; I)"

See:
http://httpd.apache.org/docs/1.3/misc/FAQ.html#proxyscan

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] unknow sites found in access_log?

Posted by Bing Du <bd...@iastate.edu>.

> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyrequests
>
Thanks for the pointer.  Hmmm...but I don't see the proxy service is
turned on in the httpd.conf.  What else I should suspect?

==
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#<IfModule mod_proxy.c>
#ProxyRequests On
#<Proxy *>
#</Proxy>
#ProxyVia On
#   CacheRoot "/var/cache/mod_proxy"
# End of proxy directives.
==

Bing

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] unknow sites found in access_log?

Posted by Di...@eurotours.at.

http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyrequests

regards Dietmar



Bitte antworten an users@httpd.apache.org

An:     users@httpd.apache.org
Kopie:   
Thema:  [users@httpd] unknow sites found in access_log?


Hi,

Apache 2.0.52 on RHEL 4.

Can anybody shed some light on why our access_log has the following
messages?    Is the server being used as proxy or something by somebody
else?  Thanks in advance.

222.185.24.17 - - [30/Aug/2006:08:37:57 -0500] "GET
http://ad.zanox.com/ppv/?4021489C329206511 HTTP/1.0" 200 889
"http://www.gamestart.info" "Mozilla/4.0 (compatible; MSIE 5.02; Windows
98)"
222.185.24.17 - - [30/Aug/2006:08:38:03 -0500] "GET
http://ad.zanox.com/ppv/?3467595C1541548350 HTTP/1.0" 200 889
"http://www.interstfree.com" "Mozilla/4.5 [en] (Win98; I)"

Bing

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
"   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org