Score:-1

What does this webserver log entry tell me?

I am troubleshooting a system failure that occurred this morning and found these log entries shortly prior. In my mind these should be returning 404... right? Should I be concerned?

80.82.76.76 - - [13/Aug/2021:09:20:15 -0400] "GET http://azenv.net/ HTTP/1.1" 200 569
80.82.76.76 - - [13/Aug/2021:09:37:12 -0400] "GET http://azenv.net/ HTTP/1.1" 200 569

How would I reproduce this with cURL or Postman? When I just put http://mydomain/http://azenv.net/ in a browser, it shows in the log with a / at the start. Also, it goes to HTTPS and does not show in my HTTP log.

schroeder:
Although this might be part of a pentest, this looks like a normal, non-pentest, webserver config question.
Steffen Ullrich:
This is a proxy request. It can be reproduced by setting your web server as a proxy in curl. Whether these entries should return 404 or not depends on your specific (and unknown) server configuration and on whether the domain is your domain or not (also unknown).
Score:0
I found this resource which explains this issue thoroughly:

https://cwiki.apache.org/confluence/display/httpd/ProxyAbuse

I was able to see what result the attacker was seeing by running

telnet mydomain.com 80
GET http://azenv.net/ HTTP/1.1
Host: azenv.net
[press enter twice]

My server just returned the default homepage rather than data loaded from azenv.net. This is the reason for the 200 status code. No vulnerability was exploited. The above resource explains how you could change this behaviour if wanted.
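
A way to find these entries in bulk, as an added example that is not part of the original question or answer: it scans Common Log Format lines for proxy-style requests (absolute-form targets or CONNECT) aimed at hosts the server does not own, and separates those the server answered with a 2xx from those it rejected. The `OWN_HOSTS` set and all sample lines other than the two quoted in the question are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Common Log Format prefix: client ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
ABSOLUTE_FORM = re.compile(r'^[A-Za-z][A-Za-z0-9+.-]*://')

# Assumption: the host names this server is supposed to answer for.
OWN_HOSTS = {"mydomain.com", "www.mydomain.com"}

def classify(line, own_hosts=OWN_HOSTS):
    """Return a finding for a proxy-style request to a foreign host, else None."""
    m = CLF.match(line.strip())
    if not m:
        return None
    target = m["target"]
    if m["method"] == "CONNECT":          # authority-form: host:port
        host = target.rsplit(":", 1)[0]
    elif ABSOLUTE_FORM.match(target):     # absolute-form: scheme://host/path
        host = urlsplit(target).hostname or ""
    else:                                 # origin-form, e.g. "/http://azenv.net/"
        return None
    host = host.lower()
    if host in own_hosts:
        return None
    # A 2xx only means the server answered; it may have served its own page.
    verdict = "answered-2xx" if m["status"].startswith("2") else "rejected"
    return {"client": m["client"], "time": m["time"], "host": host,
            "status": int(m["status"]), "size": m["size"], "verdict": verdict}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

SAMPLE = [  # first two lines are from the question; the rest are constructed
    '80.82.76.76 - - [13/Aug/2021:09:20:15 -0400] "GET http://azenv.net/ HTTP/1.1" 200 569',
    '80.82.76.76 - - [13/Aug/2021:09:37:12 -0400] "GET http://azenv.net/ HTTP/1.1" 200 569',
    '192.0.2.10 - - [13/Aug/2021:09:41:03 -0400] "GET /http://azenv.net/ HTTP/1.1" 404 196',
    '198.51.100.7 - - [13/Aug/2021:09:45:30 -0400] "CONNECT example.org:443 HTTP/1.1" 405 224',
    '192.0.2.10 - - [13/Aug/2021:09:46:00 -0400] "GET / HTTP/1.1" 200 569',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

An `answered-2xx` finding still needs the manual check from the answer above to see whether the body was the server's own page or content fetched from the foreign host.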
