Mike Blomgren wrote:
> Comments below.
>
>>-----Original Message-----
>>From: Thomas Jensen [mailto:securityfocusat_private]
>>Sent: den 11 juni 2003 09:53
>>To: incidentsat_private
>>Subject: Re: Strange CONNECT entries in apache logs
>>
>>I just looked in my logs and found the same (CONNECT with a
>>200 code). However it might not be the problem it seems to
>>be. I tried connecting
>>with telnet and executing a CONNECT command - the result was a 200 code
>>and the output of my own /index.php page.
>>I have found several references to this being a PHP4 bug, which can
>>happen when you have an index.php file and a DirectoryIndex index.php
>>directive in your Apache conf.
>
> This behaviour can occur if there is a 'redirect' from a non-existent
> file, to an error page. The webserver should return a 404 status, since
> the request was made to a non-existing page, but the actual 'error page'
> exists and thus returns 200 status. A very common problem on IIS servers
> - however seemingly not the case here. The issue is none the less
> important to resolve for several reasons: 1) Not falsely attract scum
> such as proxy and spam-relayers, 2) Update indexes of search engines.

Hmm, personally I don't mind that a few scumbag spammers think that
they can spam thru my server - as long as they can't ;-)
A matter of taste I guess.

Regarding (2), I don't think a search engine would try a CONNECT request.

For anyone interested in testing their own servers, I use these few
lines of python code:

    import socket

    # Send a CONNECT for a host that does not exist and print the raw reply
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(('localhost', 80))
    s.sendall(b'CONNECT www.nonexistant.abc:80 HTTP/1.0\r\n\r\n')
    print(s.recv(10240).decode('latin-1'))
    s.close()

Replace 'localhost' as appropriate for your configuration.

Best regards
Thomas Jensen
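Added example, not part of the original post: a classifier for the reply to the CONNECT probe above, separating the false positive described in the thread (a 200 that carries the server's own page) from a reply that looks like an opened tunnel. The function names, category labels and sample replies are constructed for illustration; the rule is a heuristic that relies on a 2xx CONNECT reply not carrying Content-Length or Transfer-Encoding (RFC 7231, section 4.3.6) and on the assumption that it has no page body.

```python
import socket

def classify_connect_response(raw: bytes) -> str:
    """Classify a server's raw reply to a CONNECT probe (heuristic).

    'no-tunnel'      - non-2xx status: no tunnel was opened
    'served-content' - 2xx with entity headers or a body: the request was
                       handled like an ordinary page fetch (the false
                       positive described in the thread)
    'tunnel'         - bare 2xx, no entity headers, no body: consistent
                       with a proxy that opened a tunnel
    'unparseable'    - not an HTTP response
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return "unparseable"
    if not 200 <= int(parts[1]) < 300:
        return "no-tunnel"
    names = {l.split(b":", 1)[0].strip().lower() for l in lines[1:] if b":" in l}
    entity = {b"content-type", b"content-length", b"transfer-encoding"}
    if body.strip() or names & entity:
        return "served-content"
    return "tunnel"

def probe(host: str, port: int = 80, timeout: float = 5.0) -> str:
    """Send the same CONNECT request as in the post and classify the reply."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"CONNECT www.nonexistant.abc:80 HTTP/1.0\r\n\r\n")
        try:
            while (data := s.recv(4096)):
                chunks.append(data)
        except socket.timeout:
            pass  # server kept the connection open; use what arrived
    return classify_connect_response(b"".join(chunks))

# Constructed sample replies (not captured from a real server)
SAMPLE_INDEX_PAGE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                     b"<html><body>my index.php output</body></html>")
SAMPLE_TUNNEL = b"HTTP/1.0 200 Connection established\r\n\r\n"
SAMPLE_REJECTED = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD\r\n\r\n"
```

Call probe('localhost') against your own server; 'served-content' corresponds to the 200-with-index-page behaviour described in the thread.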
This archive was generated by hypermail 2b30 : Fri Jun 13 2003 - 13:22:28 PDT