On Mon, 19 Aug 2002, Michael B. Morell wrote: > The netblock is owned by AOL (195.73.x.x/16). I received about 20-30 > requests (albeit valid requests) from what looked like 20 sequential hosts > from within that block. Further inspection of the logs though showed that > it was from really 1 session (validated thru aspsession identifier). > > So my question is, does anyone know whether or not that this is some sort of > valid AOL proxy behavior where a request for a single page can go thru > multiple proxies? Spawning multiple proxies to request information that > generally only 1 proxy would get. (ie, a request for a web page resulted in > 3 different hosts getting different parts of the page, all off of the same > aspsession id) > Completely normal. From one of the sites I administer (in standard apache combined format) : cache-rc02.proxy.aol.com - - [17/Aug/2002:21:03:27 -0700] "GET / HTTP/1.0" cache-rc01.proxy.aol.com - - [17/Aug/2002:21:03:34 -0700] "GET /file1.jpg HTTP/1.0" cache-rg04.proxy.aol.com - - [17/Aug/2002:21:03:34 -0700] "GET /file2.jpg HTTP/1.0" cache-rg03.proxy.aol.com - - [17/Aug/2002:21:03:34 -0700] "GET /file3.jpg HTTP/1.0" cache-rm04.proxy.aol.com - - [17/Aug/2002:21:03:35 -0700] "GET /file4.jpg HTTP/1.0" cache-rm05.proxy.aol.com - - [17/Aug/2002:21:03:36 -0700] "GET /menu2.swf HTTP/1.0" cache-rc08.proxy.aol.com - - [17/Aug/2002:21:03:46 -0700] "GET /file6.jpg HTTP/1.0" I've trimmed the referrer and useragent fields, but they seem to be valid as well. - Jeff Jirsa -- Jeff Jirsa jeffat_private -- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Aug 20 2002 - 09:32:35 PDT