Website log file security question: Can a browser client create an offsite GET entry?

Discussion in 'other security issues & news' started by Devinco, Apr 2, 2006.

Thread Status:
Not open for further replies.
Devinco (Registered Member):

    I've searched for answers to no avail; maybe someone could shed some light on this technical web log file analysis question?

    In looking at a raw web log, I've come across an unusual entry (some info has been changed):

    123.123.123.123 - - [15/Mar/2006:12:00:00 -0500] "GET http://www.OFFSITEDOMAIN.com/ HTTP/1.1" 200 3545 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"

    Note the part: GET http://www.OFFSITEDOMAIN.com/

    Normally this section shows a page that has been requested by the browser that is ON the website (like /index.html). But in this case, a GET request has been logged for a completely different domain. This is not the referring domain; it is the requested domain.
    Is it possible for a browser (or a client posing as a browser) to generate a GET request in the log for a website/page that is not even on the server?
    How is that done?
    Is there a way to prevent it?
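
One way to surface entries like the one quoted in the post, as an added example that is not part of the original thread. The request line there carries an absolute URI as its request target (the form HTTP clients send to a proxy) instead of a path, and the script flags that form when the host is not one the server serves. It assumes common/combined log format; `OWN_HOSTS` and every sample line except the first are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: hostnames this server really serves (hypothetical values).
OWN_HOSTS = {"www.example.com", "example.com"}

LINE_RE = re.compile(  # common/combined log format, up to the byte count
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+')

def classify(line, own_hosts=OWN_HOSTS):
    """Return (verdict, client_ip, request_target) for one log line."""
    m = LINE_RE.match(line)
    if not m:
        return ("unparsed", None, None)
    ip, status = m.group("ip"), m.group("status")
    parts = m.group("request").split()
    if len(parts) != 3:
        return ("malformed-request", ip, m.group("request"))
    method, target, _version = parts
    if method.upper() == "CONNECT":  # tunnel request, only meaningful to a proxy
        return ("connect-attempt", ip, target)
    if target.startswith("/") or target == "*":
        return ("origin-form", ip, target)  # the usual /index.html style
    try:
        host = urlsplit(target).hostname
    except ValueError:  # e.g. broken IPv6 literal in hostile input
        host = None
    if not host:
        return ("malformed-request", ip, target)
    if host.lower() in own_hosts:
        return ("absolute-own-host", ip, target)
    # Host we do not serve. 2xx means a body was sent: compare its size with the local page.
    suffix = "-2xx" if status.startswith("2") else ""
    return ("offsite-absolute" + suffix, ip, target)

def suspicious(lines, own_hosts=OWN_HOSTS):
    """Entries worth reviewing: offsite absolute URIs and CONNECT attempts."""
    results = (classify(line, own_hosts) for line in lines)
    return [r for r in results if r[0].startswith(("offsite", "connect"))]

# First line is the entry quoted in the post; the rest are constructed samples.
SAMPLE = [
    '123.123.123.123 - - [15/Mar/2006:12:00:00 -0500] "GET http://www.OFFSITEDOMAIN.com/ HTTP/1.1" 200 3545 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"',
    '198.51.100.7 - - [15/Mar/2006:12:00:05 -0500] "GET /index.html HTTP/1.1" 200 3545 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [15/Mar/2006:12:00:09 -0500] "GET http://www.example.com/about.html HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [15/Mar/2006:12:00:12 -0500] "CONNECT mail.invalid:25 HTTP/1.0" 405 230 "-" "-"',
]

if __name__ == "__main__":
    print(*suspicious(SAMPLE), sep="\n")
```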