maes
July 28th, 2003, 12:56 PM
I'm running an apache webserver just for fun and to improve my knowledge about those thing and I have a few questions:
this is a regular line from a log:
xxx.xxx.xxx.xxx - - [28/Jul/2003:14:36:47 +0200] "GET /maes.jpg HTTP/1.1" 200 3808
I know what GET and POSTS means, but In my logs apear others also:
HEAD
SEARCH
CONNECT
OPTIONS
examples:
-{ Quote: "
xxx.xxx.xxx.xxx - - [27/Jul/2003:12:09:47 +0200] "HEAD / HTTP/1.0" 200 0
xxx.xxx.xxx.xxx - - [27/Jul/2003:10:14:11 +0200] "SEARCH / HTTP/1.1" 501 345
xxx.xxx.xxx.xxx - - [15/Jul/2003:08:56:18 +0200] "CONNECT maila.microsoft.com:25 HTTP/1.0" 405 310
xxx.xxx.xxx.xxx - - [23/Jul/2003:10:27:43 +0200] "OPTIONS * HTTP/1.0" 200 -
" }-
According to the errorcode that was returned:
HEAD and OPTIONS was accepted
SEARCH is not implemented
CONNECT is not allowed.
Should I be worried about the HEAD and the OPTIONS?
how do people generate these messages? And what kind of info does the other party get?
This is an other GET message:
-{ Quote: "
xxx.xxx.xxx.xxx - - [18/Dec/2002:23:40:06 +0100] "GET http://www.yahoo.com/ HTTP/1.1" 200 4162
" }-
As far as I know, I'm not mirroring yahoo, so why does someone want to get he yahoo page through my server. Is there someting I can do about it?
BTW, here's another CONNECT message: look at the IP, and portnumber (I didn't do this, this came directly from my log)
-{ Quote: "
xxx.xxx.xxx.xxx - - [24/Jul/2003:13:26:09 +0200] "CONNECT 1.3.3.7:1337 HTTP/1.0" 405 310
" }-
the IP were it came from was registerd to :
-{ Quote: "
Registrant:
Imex Spaces Limited
Trading As: Imex Spaces Limited
" }-
So I think he spoofed it
--Maes
this is a regular line from a log:
xxx.xxx.xxx.xxx - - [28/Jul/2003:14:36:47 +0200] "GET /maes.jpg HTTP/1.1" 200 3808
I know what GET and POSTS means, but In my logs apear others also:
HEAD
SEARCH
CONNECT
OPTIONS
examples:
-{ Quote: "
xxx.xxx.xxx.xxx - - [27/Jul/2003:12:09:47 +0200] "HEAD / HTTP/1.0" 200 0
xxx.xxx.xxx.xxx - - [27/Jul/2003:10:14:11 +0200] "SEARCH / HTTP/1.1" 501 345
xxx.xxx.xxx.xxx - - [15/Jul/2003:08:56:18 +0200] "CONNECT maila.microsoft.com:25 HTTP/1.0" 405 310
xxx.xxx.xxx.xxx - - [23/Jul/2003:10:27:43 +0200] "OPTIONS * HTTP/1.0" 200 -
" }-
According to the errorcode that was returned:
HEAD and OPTIONS was accepted
SEARCH is not implemented
CONNECT is not allowed.
Should I be worried about the HEAD and the OPTIONS?
how do people generate these messages? And what kind of info does the other party get?
This is an other GET message:
-{ Quote: "
xxx.xxx.xxx.xxx - - [18/Dec/2002:23:40:06 +0100] "GET http://www.yahoo.com/ HTTP/1.1" 200 4162
" }-
As far as I know, I'm not mirroring yahoo, so why does someone want to get he yahoo page through my server. Is there someting I can do about it?
BTW, here's another CONNECT message: look at the IP, and portnumber (I didn't do this, this came directly from my log)
-{ Quote: "
xxx.xxx.xxx.xxx - - [24/Jul/2003:13:26:09 +0200] "CONNECT 1.3.3.7:1337 HTTP/1.0" 405 310
" }-
the IP were it came from was registerd to :
-{ Quote: "
Registrant:
Imex Spaces Limited
Trading As: Imex Spaces Limited
" }-
So I think he spoofed it
--Maes