Am 22.02.2011 15:10, schrieb Mike Franon:
The reason why I am thinking that some sort of exploit might be going on is, looking at the varnish logs I was seeing some url's for domains we do not even own. I am not sure how get requests are coming through for not our own domain's? Majority of get are for us, but 10% or so are not
Varnish is generally only logging the host header of the http requests. You can easily connect to some server using its ip address and transfer some random host header for the http request itself. This can be easily done by using wget or telnet for example. I am using this regularly for testing purposes when updating some configuration on vhosts or stuff.
Therefore the strange domain names have nothing to do with some security exploit, but this is simply another layer of connectiviy.
Stefan -- *Dipl.-Inform. Stefan Pommerening Informatik-Büro: IT-Dienste & Projekte, Consulting & Coaching* http://www.dmsp.de <http://www.dmsp.de/> _______________________________________________ varnish-misc mailing list [email protected] http://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
