[CentOS] Strange queries in httpd log

Fri Feb 24 10:22:28 UTC 2012
Markus Falb <markus.falb at fasel.at>

On 24.2.2012 10:17, Jussi Hirvi wrote:
> On 24.2.2012 10.27, John R Pierce wrote:
>> On 02/24/12 12:10 AM, Jussi Hirvi wrote:
>>> ...when the DNS shows that the domain financeande.com is hosted
>>> elsewhere? What kind of query can they have used?
>>
>> a forged one with a bogus vhost.
> 
> I get almost similar entry, if I hit this on the browser:
> 
> http://www.my_real_domain.com/http://bogus.com
> 
> It shows like this in the log:
> 
>  > (...) - - [24/Feb/2012:11:12:27 +0200] "GET /http://bogus.com 
> HTTP/1.1" 404 292 "-" (...)
> 
> Only here it starts with a slash (/http...), but in the original log 
> entry there was no slash. I'm still curious to know how this log entry 
> was born:
> 
>  > "GET http://financeande.com/feed/feed.php HTTP/1.1" 404 291 (...)
> 
> - Jussi

It was a check for proxy.
you can try something like this:

$ telnet www.my_real_domain.com 80
Trying ...
Connected to www.my_real_domain.com.
Escape character is '^]'.
GET http://financeande.com/feed/feed.php HTTP/1.1
host: www.my_real_domain.com
[double enter]

-- 
Kind Regards, Markus Falb

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 307 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20120224/d6b033c3/attachment-0005.sig>