Re: Apache log


Subject: Re: Apache log
From: Wesley Brown (webtacsat@yahoo.com)
Date: Sat Jan 03 2004 - 22:28:45 AKST


Thanks for the info. I tried to telnet to my webserver and do what you suggested. Here is what I got.
 
192.168.0.199 - - [04/Jan/2004:01:49:40 -0500] "\xff\xfb\x1f\xff\xfb \xff\xfb\x18\xff\xfb'\xff\xfd\x01\xff\xfb\x03\xff\xfd\x03GET htpp://www.yahoo.com" 400 371
 
I had to do this from a Windows computer because I have a Smoothwall running with a Windows and a Mac on the green side and all my Linux boxes on the orange interface. And the orange can't access the web server. So I used PuTTY to telnet into the web server like you said. Anyway, what does all that mean? I obviously was returned to an error page even though I didn't see it on the Windows computer.
 
I got a log a while back sort of like this that confused me, and I asked some groups and looked on Google to no avail. The other log was at least a hundred lines of almost the same /x90 repeated over and over again. What is all that about? I know they were returned that the request was too long.
 
Wesley Brown
www.greyhatcorp.com

James Zuelow <e5z8652@zuelow.net> wrote:

On Sat, 3 Jan 2004 10:09:35 -0800 (PST)
Wesley Brown wrote:

> In my apache log I get some entries that seem to request another web page through my server. Like I am a proxy server.
>
> Here is the latest entry:
>
> 64.222.176.13 - - [02/Jan/2004:14:16:23 -0500] "GET http://www.yahoo.com/ HTTP/1.1" 200 4553
>
> I assume because of the 200 after the request that the attempt was successful. I have read a little about this problem but I don't understand how to fix it. Does anyone know what I am talking about? The fix seems simple; I just don't know where to do it.
>

Wesley,

Do you have address re-writing turned on, or custom error pages? These 200 messages are not necessarily indicative of an open proxy. All it means is that the server returned SOMETHING to the requestor. You could have an open relay, but let's hope not.

For example, try this:

$ telnet www.juneau-lug.org 80
Trying 24.237.22.218...
Connected to www.juneau-lug.org
Escape character is '^]'.
GET http://www.yahoo.com

(snip)

Your telnet session will result in a log entry in my logs that shows a request for yahoo.com with a "success" message of 200, but the page you get isn't yahoo's. In my case, it is the juneau-lug.org page, and in your case it could either be your home page or a 404 error page.

Your log entry above shows you returned 4553 bytes, so it is probably not a 404 error page. IIRC the stock 404 error page is 288 bytes - however if you've got a custom error page such as the Marvin the depressed robot page, or These Weapons of Mass Destruction Cannot Be Found, etc. then your byte count will be significantly higher.

Telnet to yourself and ask for yahoo.com, and see what you get.

Cheers,

James

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
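Added example (not part of the original thread): a small Python decoder for the two log entries quoted above. It undoes Apache's \xhh log escaping, separates Telnet option negotiation (the IAC 0xff triplets of RFC 854 that a Telnet client sends before anything is typed) from the request itself, and reports whether the request named a full URL and whether the server rejected it. The function names and the output fields are assumptions made for this example.

```python
import re

# host ident user [time] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*)" (\d{3}) (\S+)$')
VERBS = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}  # RFC 854
OPTS = {0x01: "ECHO", 0x03: "SGA", 0x18: "TTYPE", 0x1F: "NAWS",
        0x20: "TSPEED", 0x27: "NEW-ENVIRON"}
ESC = {"n": "\n", "r": "\r", "t": "\t"}

def unescape(field):
    # Undo Apache's log escaping of the request field and return raw bytes.
    def sub(m):
        tok = m.group(1)
        if tok[0] == "x" and len(tok) == 3:
            return chr(int(tok[1:], 16))
        return ESC.get(tok, tok)  # also covers \\ and \"
    return re.sub(r'\\(x[0-9a-fA-F]{2}|.)', sub, field).encode("latin-1")

def split_telnet(raw):
    # Separate IAC (0xff) <verb> <option> triplets from the bytes that follow.
    opts, rest, i = [], bytearray(), 0
    while i < len(raw):
        if raw[i] == 0xFF and i + 2 < len(raw) and raw[i + 1] in VERBS:
            opts.append(f"{VERBS[raw[i + 1]]} {OPTS.get(raw[i + 2], hex(raw[i + 2]))}")
            i += 3
        else:
            rest.append(raw[i])
            i += 1
    return opts, bytes(rest)

def analyse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    host, request, status, size = m.groups()
    opts, payload = split_telnet(unescape(request))
    words = payload.decode("latin-1").split()
    target = words[1] if len(words) > 1 else ""
    return {"host": host, "status": int(status), "size": size, "telnet": opts,
            "request": " ".join(words),
            # scheme://... in the request line is the form a proxy client sends
            "absolute_uri": bool(re.match(r"[A-Za-z][A-Za-z0-9+.-]*://", target)),
            "rejected": status.startswith("4")}

# The two entries quoted in the thread (first one written with clean \xhh escapes)
SAMPLES = [
    r"""192.168.0.199 - - [04/Jan/2004:01:49:40 -0500] "\xff\xfb\x1f\xff\xfb \xff\xfb\x18\xff\xfb'\xff\xfd\x01\xff\xfb\x03\xff\xfd\x03GET htpp://www.yahoo.com" 400 371""",
    '64.222.176.13 - - [02/Jan/2004:14:16:23 -0500] "GET http://www.yahoo.com/ HTTP/1.1" 200 4553',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(analyse(s))
```

For the 200 entry the decoder only shows that a full URL was requested and answered; as James says above, whether the 4553 bytes were Yahoo's page or the server's own still has to be checked by fetching it.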



This archive was generated by hypermail 2a23 : Sat Jan 03 2004 - 22:28:49 AKST