Hi, I'm running Apache 2.0 (2.0.29-dev) on my test server (NetWare) and I've found the following line(s) in server's log file recently:
xx.xx.xx.xx - - [05/Dec/2001:17:19:20 +0100] "GET http://www.s3.com HTTP/1.1" 200 1456 I've made some work-around and found the following: 1. Server's document root is accessed in this situation (code 200 unexpectedly returned). It's probably not a security issue, but I'm not sure. Regardless, it's obvious that incorrect lines may occur in the log files so skewed results could be produced when analysing them. 2. It seems to be independent on platform and version of the Apache webserver (also tested on some 1.3 versions - Linux, NetWare). 3. I'm able to reproduce this with protocol version 1.0 (see below), wondering that I'm not able to reproduce it with version 1.1 (see above) - code 400 returned when I'm trying to do the same, but I'm not too familiar with corresponding RFCs... Sorry, no time to look into sources, but I think that there must be something wrong in http parser. Pavel --- $ telnet dev.apache.org 80 Trying 64.125.133.20... Connected to dev.apache.org. Escape character is '^]'. GET http://something HTTP/1.0 HTTP/1.1 200 OK Date: Tue, 18 Dec 2001 09:33:43 GMT Server: Apache/2.0.28 (Unix) Accept-Ranges: bytes Content-Length: 5303 Connection: close Content-Type: text/html ... --- $ telnet dev.apache.org 80 Trying 64.125.133.20... Connected to dev.apache.org. Escape character is '^]'. GET http://something HTTP/1.1 HTTP/1.1 400 Bad Request Date: Tue, 18 Dec 2001 10:42:17 GMT Server: Apache/2.0.28 (Unix) Content-Length: 375 Connection: close Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>400 Bad Request</title> </head><body> <h1>Bad Request</h1> <p>Your browser sent a request that this server could not understand.<br /> client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /</p> <hr /> <address>Apache/2.0.28 Server at dev.apache.org Port 80</address> </body></html> Connection closed by foreign host.
