Linux – Why does apache log requests to GET http://www.google.com with code 200

Tags: apache-2.2, http, httpd, linux, vulnerabilities

I was recently asked 'What causes a line like this in our access.log?'

59.56.109.181 - - [22/Feb/2010:16:03:35 -0800] "GET http://www.google.com/ HTTP/1.1" 200 295 "-" "Mozilla/5.0 (compatible; MSIE 5.01; Win2000)"

My immediate answer is that's someone exploring something a little devious.

But:

  • How? Speculation… a short Perl or Python script could easily connect and ask for a URL with an invalid host.
  • Vulnerabilities? What is someone looking for when they do this, what have they learned, and should we patch it?
  • Do I need a tin-foil hat to keep them from reading my mind?
  • And for me the real question: Shouldn't that be a 404 response, not a 200!?

This is on a standard LAMP server (Ubuntu).

Best Answer

Maybe you want to read http://wiki.apache.org/httpd/ProxyAbuse

Especially this point: "My server is properly configured not to proxy, so why is Apache returning a 200 (Success) status code?", which asks your question "Shouldn't that be a 404 response, not a 200!?"

If the Apache conf is OK, it's just sending the root page. That's the reason why you get a status code of 200.
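A log check for the situation discussed in this thread, as an added example that is not part of the original question or answer: it scans combined-format access.log lines for requests that name a foreign host (absolute-URI or CONNECT) and notes whether a 200 carried the size of the local root page. The hostname www.example.com, the sample lines other than the one quoted in the question, and treating 295 bytes as the root page size are assumptions.

```python
import re
from urllib.parse import urlsplit

# Apache "combined" format: client ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

def find_proxy_probes(lines, own_hosts, root_page_bytes=None):
    """Report requests whose target names a host this server does not serve.
    own_hosts and root_page_bytes (size of our own "/" response) are assumptions."""
    own = {h.lower() for h in own_hosts}
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            if m["method"] == "CONNECT":            # CONNECT host:port
                host = m["target"].rsplit(":", 1)[0].lower()
            elif "://" in m["target"]:              # absolute-URI request target
                host = urlsplit(m["target"]).hostname or ""
            else:
                continue                            # ordinary "GET /path" request
        except ValueError:
            host = ""                               # malformed authority, still report
        if host in own:
            continue
        status = int(m["status"])
        size = 0 if m["bytes"] == "-" else int(m["bytes"])
        if status == 200 and size == root_page_bytes:
            verdict = "local root page served"      # not proxied
        elif status == 200:
            verdict = "review proxy config"         # 200 with an unexpected size
        else:
            verdict = "no 200 returned"
        findings.append({"client": m["client"], "host": host,
                         "status": status, "bytes": size, "verdict": verdict})
    return findings

# First line is the one from the question; the rest are constructed samples.
SAMPLE = [
    '59.56.109.181 - - [22/Feb/2010:16:03:35 -0800] "GET http://www.google.com/ HTTP/1.1" 200 295 "-" "Mozilla/5.0 (compatible; MSIE 5.01; Win2000)"',
    '198.51.100.7 - - [22/Feb/2010:16:05:01 -0800] "CONNECT mail.example.org:25 HTTP/1.0" 405 312 "-" "-"',
    '192.0.2.10 - - [22/Feb/2010:16:06:12 -0800] "GET http://www.example.com/ HTTP/1.1" 200 295 "-" "curl/7.19"',
    '192.0.2.10 - - [22/Feb/2010:16:06:40 -0800] "GET /index.html HTTP/1.1" 200 295 "-" "curl/7.19"',
]

if __name__ == "__main__":
    for f in find_proxy_probes(SAMPLE, {"www.example.com"}, root_page_bytes=295):
        print(f)
```

A "review proxy config" verdict only means the 200 did not match the expected root page size; confirm by requesting the same URL yourself and comparing the body with your own front page.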