Re: Suspiciously Weird Apache Log -- HELP

Sun, 31 Aug 2003 01:35:23 +0000 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Content-Type: message/rfc822

X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4
To: [EMAIL PROTECTED]
Subject: Re: Suspiciously Weird Apache Log -- HELP 
In-Reply-To: Your message of "Sat, 30 Aug 2003 21:00:48 EDT."
             <[EMAIL PROTECTED]> 
Cc: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii


In message <[EMAIL PROTECTED]>, "Reuben D. Budiardja" said:
>On Saturday 30 August 2003 10:11 am, MKlinke wrote:
>> On Saturday 30 August 2003 01:39, Reuben D. Budiardja wrote:
>> > First of all, is this dangerous and make my machine vulnerable?
>> >
>> > RDB
>>
>> You should easily be able to duplicate the entry by telnetting into your
>> web server on port 80 and issue the same or similar GET request.  In my
>> case the URL requested is ignored and the web page's proper data is
>> returned but like you the entry in the access log show:
>>
>> "GET http://www.webtwo.com/"; 200 16991 "-" "-"
>>
>> when, for example test this against www.webone.com.
>>
>> Take a look at the number after the "200"; is it the nuber of bytes
>> contined in YOUR web site?  If so, that is what was probably displayed.
>
>OK, I am don't quite understand this. When I tried telnetting to port 80 on my
    > 
>own server, and then say
>GET http://www.webtwo.com/
>
>all I get in reply is the index page of my own server. So I am fine? The proxy
>folder in the apache directory also empty
>

Yes, you're fine.  I did some tests today and I get the same behavior.  The 
logs look like it did a proxy transfer, but in reality it just sent my test 
homepage.

jeffl


- -- 
Jeffrey F. Lawhorn                       |Internet Security Consulting
Software Design Associates, Inc.         |IDS Installation/Monitoring
[EMAIL PROTECTED]       858-679-5900 x:5900|Firewall Installation/Monitoring
http://www.wanet.net/ 858-679-2327 fax   |

What is your network being used for?
How do you know?


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Exmh version 2.4 05/15/2001

iD8DBQE/UVCS8C9p/jh+J34RAp23AJ470ve4dNlwZp4Q7Oj6qozVcBGuLwCbBf2B
kzBAGLL0un63c7V8hJAh2/E=
=oJCj
-----END PGP SIGNATURE-----


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Reply via email to