Website log file security question: Can a browser client create an offsite GET entry?

Discussion in 'other security issues & news' started by Devinco, Apr 2, 2006.

Thread Status:
Not open for further replies.
  1. Devinco (Registered Member; joined Jul 2, 2004; 2,524 posts)

    I've searched for answers to no avail; maybe someone could shed some light on this technical web log file analysis question?

    In looking at a raw web log, I've come across an unusual entry (some info has been changed):

    123.123.123.123 - - [15/Mar/2006:12:00:00 -0500] "GET http://www.OFFSITEDOMAIN.com/ HTTP/1.1" 200 3545 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"

    Note the part: GET http://www.OFFSITEDOMAIN.com/

    Normally this section shows a page that has been requested by the browser that is ON the website (like /index.html). But in this case, a GET request has been logged for a completely different domain. This is not the referring domain; it is the requested domain.
    Is it possible for a browser (or a client posing as a browser) to generate a GET request in the log for a website/page that is not even on the server?
    How is that done?
    Is there a way to prevent it?
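
An added example, not part of the original post: a Python check that parses Combined Log Format lines like the one quoted above and flags entries whose request target is an absolute URI (the form a client sends to a proxy) or a CONNECT target naming a host the site does not own. `OWN_HOSTS`, the function names and every sample line except the first are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the hostnames this server legitimately answers for (constructed).
OWN_HOSTS = {"www.example.com", "example.com"}

# Combined Log Format: ip ident user [time] "request" status bytes ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)')

def classify_request(request_line):
    """Return (kind, host) for the quoted request line of a log entry."""
    parts = request_line.split()
    if len(parts) < 2:
        return ("malformed", None)
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":  # authority-form target: host:port
        return ("connect", target.rsplit(":", 1)[0].lower())
    if target.startswith("/") or target == "*":  # normal on-site request
        return ("origin", None)
    try:
        url = urlsplit(target)
    except ValueError:  # e.g. broken IPv6 literal in a hostile request
        return ("malformed", None)
    if url.scheme and url.hostname:  # absolute-form, as sent to a proxy
        return ("absolute", url.hostname.lower())
    return ("malformed", None)

def find_offsite_requests(lines, own_hosts=OWN_HOSTS):
    """Return one dict per entry whose target names a host the site does not own."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        kind, host = classify_request(m.group("request"))
        if kind in ("absolute", "connect") and host not in own_hosts:
            findings.append({"ip": m.group("ip"), "time": m.group("time"), "kind": kind,
                             "host": host, "status": int(m.group("status"))})
    return findings

# First line is the entry quoted in the post; the other three are constructed.
SAMPLE = [
    '123.123.123.123 - - [15/Mar/2006:12:00:00 -0500] "GET http://www.OFFSITEDOMAIN.com/ HTTP/1.1" 200 3545 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"',
    '198.51.100.7 - - [15/Mar/2006:12:00:05 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [15/Mar/2006:12:00:09 -0500] "GET http://www.example.com/about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [15/Mar/2006:12:01:00 -0500] "CONNECT other.example:443 HTTP/1.0" 405 0 "-" "-"',
]
print(*find_offsite_requests(SAMPLE), sep="\n")
```

A 200 status on a flagged line does not by itself show whether the server relayed the request or answered with its own content; comparing the logged byte count with the size of the site's own pages helps tell the two apart.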
     