Article:
  Apache Web-Serving with Mac OS X: Part 2
Subject:   questionable log entries
Date:   2003-10-02 09:55:53
From:   jmedley
I found the following log entries in access_log and am not sure what they are....
61.171.141.217 - - [02/Oct/2003:01:34:42 -0500] "GET http://www.sina.com.cn/ HTTP/1.1" 200 6962
61.171.141.217 - - [02/Oct/2003:02:23:21 -0500] "GET http://www.gov.tw/ HTTP/1.1" 200 6962
61.171.141.217 - - [02/Oct/2003:02:24:18 -0500] "GET http://www.google.com/ HTTP/1.1" 200 6962
61.171.141.217 - - [02/Oct/2003:02:25:44 -0500] "GET http://pubs.acs.org/journals/query/subscriberSearch.jsp HTTP/1.1" 404 314
61.171.141.217 - - [02/Oct/2003:02:27:40 -0500] "GET http://www.yahoo.com/ HTTP/1.1" 200 6962


Is someone going to other sites through my site?


Thanks,
JimM

Full Threads Oldest First

Showing messages 1 through 2 of 2.

  • questionable log entries
    2003-12-14 14:41:20  anonymous2 [View]

    No. From my experience, this does not mean you are an available open proxy: the 200 is misleading.
    The response size is always 6962, which is most likely to be your homepage (check against normal homepage requests), the exception is the jsp file request, which is responding with a 404 due to journals/query/subscriberSearch.jsp not existing on _your_ server. If they had requested a file that did exist on your server, for example mylogo.gif this would have returned that file (tested this on my apache 2.0.48-win32 server).
    Situation: your server is not being used as an open proxy and the request is being parsed so that http://xxx.xxx.etc/ becomes / returning files from your server, not the remotes as presumed.
    This is happening to many, do a google on "GET http://www.yahoo.com/" to check out what others have to say.
  • questionable log entries
    2003-11-01 07:04:10  anonymous2 [View]

    Indeed - it looks like you're running an open proxy on that server and whoever is at 61.171.141.217 has found it. www.yahoo.com seem to be a common test address in use for checking for open proxies.

    If this access should not ba allowed (i.e. 61.171.141.217 is not an address you wish to proxy for) reconfigure your proxy server to return a 4xx (e.g. 404 or 403) error.

    Example from my log:
    64.222.176.130 - - [01/Nov/2003:14:32:00 +0000] "GET http://www.yahoo.com/ HTTP/1.1" 403 2898 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"

    Hope this helps,
    Regards,
    -->Gar