I noticed something odd in my logs this morning. Someone tried sending this request to one of my servers:

CONNECT xx.xx.xx.xx:25 HTTP/1.0

The server returned a 302, with a Location: of http://127.0.0.1, which I verified by telnetting to port 80 and trying it myself. This particular server is Apache 2.0.58, with the following modules loaded:

mod_log_config.so
mod_mime.so
mod_negotiation.so
mod_status.so
mod_include.so
mod_dir.so
mod_cgi.so
mod_alias.so
mod_rewrite.so
mod_access.so
mod_auth.so
mod_headers.so
mod_setenvif.so
mod_geoip.so
mod_watch.so
libphp5.so

I tried the same query via telnet to my other server, which is running 1.3.34 with these modules:

mod_env.so
mod_log_config.so
mod_mime.so
mod_negotiation.so
mod_status.so
mod_include.so
mod_dir.so
mod_cgi.so
mod_asis.so
mod_imap.so
mod_actions.so
mod_alias.so
mod_rewrite.so
mod_access.so
mod_auth.so
mod_headers.so
mod_setenvif.so
mod_watch.so
mod_gzip.so
libphp5.so
mod_geoip.so

When I tried the same request, it returned a 200 and the contents of the server's default index page.

I should add that both servers are configured essentially the same, except for the necessary differences between 2.0 and 1.3. I don't see any config options that would specify what to do with CONNECT requests, nor should there be any rewrite rules that would redirect traffic to localhost.

I'm not particularly concerned about this - I assume they were trying to use a proxy server to relay spam, and since I'm not running a proxy, it didn't work - but it piques my interest. What caused the 2.0 server to respond differently than 1.3? Is it a module, or built-in behavior? Thanks for any input you can provide.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
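A log-triage example for the kind of request described in the post, added here and not part of the original message: it pulls CONNECT requests out of Common Log Format lines, records the target port and response status, and marks 2xx answers for the kind of manual check the poster did by telnet. The sample log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Common Log Format prefix: host ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# CONNECT uses an authority-form target: host:port (IPv6 hosts in brackets)
TARGET_RE = re.compile(r'^(?:\[[0-9A-Fa-f:]+\]|[^:\s]+):(?P<port>\d{1,5})$')

def find_connect_probes(lines):
    """Return one dict per CONNECT request found in access-log lines."""
    probes = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "CONNECT":
            continue
        t = TARGET_RE.match(m["target"])
        port = int(t["port"]) if t else None  # None: malformed target
        status = int(m["status"])
        probes.append({
            "client": m["client"],
            "target": m["target"],
            "port": port,
            "status": status,
            "smtp_target": port == 25,       # mail-relay style target
            # A 2xx to CONNECT on a server that is not meant to proxy
            # should be re-tested by hand to see what was really served.
            "verify": 200 <= status < 300,
        })
    return probes

def summarize(probes):
    """Count probes per (client, target port, status) for a quick overview."""
    return Counter((p["client"], p["port"], p["status"]) for p in probes)

# Constructed sample lines (documentation address ranges, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2006:06:12:01 -0400] "CONNECT 198.51.100.7:25 HTTP/1.0" 302 291',
    '192.0.2.10 - - [10/Oct/2006:06:12:05 -0400] "CONNECT 198.51.100.7:25 HTTP/1.0" 200 1456',
    '203.0.113.5 - - [10/Oct/2006:06:13:00 -0400] "GET /index.html HTTP/1.1" 200 1456',
    '203.0.113.9 - - [10/Oct/2006:06:14:00 -0400] "CONNECT mail.example.net:443 HTTP/1.1" 405 -',
]

if __name__ == "__main__":
    for key, count in summarize(find_connect_probes(SAMPLE_LOG)).items():
        print(key, count)
```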