LinuxQuestions.org
Old 07-27-2004, 11:16 PM   #1
hsegtreas
Member
 
Registered: May 2004
Distribution: Slackware 9.1
Posts: 47

Rep: Reputation: 15
200 for www.yahoo.com?


I run an apache server. I just found something a bit strange in the logs:

Code:
[27/Jul/2004:07:23:10 -0400] "GET http://www.yahoo.com/ HTTP/1.1" 200 65464
Why does the server give a 200 for yahoo?? I didn't set any proxy options..!
If I try to send the same string via telnet, here's what I get:

Code:
[27/Jul/2004:23:49:58 -0400] "GET http://www.yahoo.com/ HTTP/1.1" 400 307
Now, 65464 is exactly the size of my web page. So does that mean that index.html was sent? Or was it really redirected to yahoo.com?

Or again, could it be that the log file was edited?

I've only been running a server for 3 months, so I'm far from being an expert on the subject.. But I'm curious to know what someone more experienced thinks about those logs?

Thanks!
 
Old 07-27-2004, 11:38 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
This is a weird behaviour of Apache that isn't well documented and took me a while to figure out as well. If a request is made to Apache with a URL that isn't even on the server, then the default index.html page is served up instead and a 200 code is returned. It has to be something drastically different like www.yahoo.com instead of www.mywebsite to get that result. Simply mistyping a URL will still get a 404. First time I saw it, I thought I was proxying traffic, but the page size is the tip-off.

It's still annoying though, because poorly written proxy-detecting bots will mistakenly think that you are an open proxy. So you'll commonly see a single request for www.yahoo.com or www.sina.com. Then several days later you'll see an actual live attempt by someone to use you as a proxy and give up after getting your homepage a couple of times.
 
Old 07-27-2004, 11:45 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Trying to replicate it was almost as frustrating as figuring out what was going on. Using telnet doesn't seem to work. I found the best way to do it was to modify your web browser's configuration and set it to use your web server as its HTTP proxy. Then just type in "www.yahoo.com" and you'll get your homepage instead. Also the log message will show a 200 instead of a 400.
 
Old 07-28-2004, 01:30 AM   #4
hsegtreas
Member
 
Registered: May 2004
Distribution: Slackware 9.1
Posts: 47

Original Poster
Rep: Reputation: 15
You're right, I tried to set the proxy to my web server and typed http://www.yahoo.com/. The logs say that the page was sent, and even the pictures of the pages came from www.yahoo.com/pictures/...
lol I could never have found that one out myself

I looked quickly at what strings are really sent to the server with ethereal. The requests, with and without proxy settings, are actually different... (no surprise..)
So it just seems strange because Apache doesn't log the full HTTP request...

Thanks for the help!


Edit: If anyone is interested:

Request without proxy settings (standard request on a web server):
Code:
GET / HTTP/1.0
Connection: Keep-Alive
User-Agent: Mozilla/4.79 [en] (Windows NT 5.0; U)
Host: [my-web-server-was-here]
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Encoding: gzip
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

Request with proxy set on my server (the one that gives a strange log entry):
Code:
GET http://www.yahoo.com/ HTTP/1.0
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.79 [en] (Windows NT 5.0; U)
Host: www.yahoo.com
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Encoding: gzip
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
So it probably has something to do with the "Host" field.

Last edited by hsegtreas; 07-28-2004 at 01:48 AM.
 
Old 07-28-2004, 07:31 AM   #5
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Cool. Your thread had made me curious about how the http requests might be different. Thanks for posting that.
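
The page-size tip-off from post #2 and the absolute-URI request line captured in post #4, turned into an access-log check. This is an added example, not code from any poster in the thread; the hostname `www.mywebsite.example`, the function names and the last three sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Timestamp, request line, status and size of an Apache access-log entry.
# Leading host/ident/user fields are optional, so the thread's lines parse too.
ENTRY = re.compile(
    r'\[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)')

def classify(line, own_hosts, index_size):
    """Finding for an absolute-URI request naming a foreign host, else None."""
    m = ENTRY.search(line)
    if not m:
        return None
    try:
        host = urlsplit(m["target"]).hostname
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return None
    if not host or host.lower() in own_hosts:
        return None  # origin-form ("/path") or a request for our own site
    status = int(m["status"])
    size = 0 if m["size"] == "-" else int(m["size"])
    if status == 200 and size == index_size:
        verdict = "local-index-served"  # page-size tip-off: nothing was proxied
    elif status < 400:
        verdict = "check-proxy-config"  # success, but not our index page
    else:
        verdict = "rejected"
    return {"time": m["ts"], "host": host, "status": status,
            "size": size, "verdict": verdict}

def scan(lines, own_hosts, index_size):
    found = (classify(line, own_hosts, index_size) for line in lines)
    return [f for f in found if f]  # keep only the findings

OWN_HOSTS = {"www.mywebsite.example"}  # assumed name for the local site
INDEX_SIZE = 65464                     # size of index.html, from the thread
SAMPLE = [  # first two entries are quoted in the thread, the rest constructed
    '[27/Jul/2004:07:23:10 -0400] "GET http://www.yahoo.com/ HTTP/1.1" 200 65464',
    '[27/Jul/2004:23:49:58 -0400] "GET http://www.yahoo.com/ HTTP/1.1" 400 307',
    '192.0.2.10 - - [28/Jul/2004:01:30:00 -0400] "GET / HTTP/1.0" 200 65464',
    '192.0.2.10 - - [28/Jul/2004:01:31:00 -0400] '
    '"GET http://www.mywebsite.example/ HTTP/1.1" 200 65464',
    '192.0.2.77 - - [30/Jul/2004:04:12:09 -0400] '
    '"GET http://www.example.org/ HTTP/1.0" 200 1822',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE, OWN_HOSTS, INDEX_SIZE):
        print(finding)
```

A `check-proxy-config` verdict only means the response was not the local index page; it is a prompt to confirm that no proxy module is answering for foreign hosts.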
 
  

