Config help...

Yeah.. if I try to "get" with a web browser, I get results like this:

localmachineonlocalnet - - [11/Nov/2004:06:00:18 -0500] "GET
/http://www.ebay.com HTTP/1.1" 404 1085
localmachineonlocalnet - - [11/Nov/2004:06:00:18 -0500] "GET
/errors/alert_black.gif HTTP/1.1" 200 242
localmachineonlocalnet - - [11/Nov/2004:06:00:18 -0500] "GET
/errors/apache_pb.gif HTTP/1.1" 200 2326

....which is the behaviour I would expect. I don't know how whomever is
doing this is formatting the command to "get" another website's
homepage thru my server, so I can't "test" how they're doing it to see
the results.

I don't think firewalling every individual IP that comes in trying to
use my webserver as a relay (or whatever they're doing) is a viable
solution. It'd take time to manually add every IP that does this, and
I've got better things to do with my days.

What confuses me is the "200" result code... and what are the 869
bytes that are sent back? My "404" page is a bit larger than that, and
involves some graphics, so they're not getting that page.

If I knew how the "get" was being sent, I might be able to recreate it
to see what the behaviour is, and what the results are.

73 de AI8W, Chris


Davide Bianchi wrote:
 > On 2004-11-11, sideband <AINO8SPAMW.DeleteThis@cac.net> wrote:
 >
  >>that I find undesirable. The problem is I don't know where to look to
  >>find out how to stop it.
 >
 >
 > Put that IP address in your firewall.
 >
 >
  >>Now I don't want people to be able to use my web server as a relay..
 >
 >
 > If you noticed, the page retrived is always 869 bytes long, that make
 > me think that what they receive is the 'standard' page not found
 > message from your site. Did you tried it yourself?
 >
 > Davide
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Config help... 

On 2004-11-11, sideband <AINO8SPAMW.RemoveThis@cac.net> wrote:
 > ...which is the behaviour I would expect. I don't know how whomever is
 > doing this is formatting the command to "get" another website's

You put the IP of your server in the "proxy" configuration of your browser.

 > It'd take time to manually add every IP that does this

You run a script that process the log file, extract the IPs and add them
in automatic.

Davide

--
Q: What's the difference between Windows 95 and a highly destructive virus?
A: About 90 MB of hard disk space.<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Config help... 

Davide Bianchi wrote:
 > You run a script that process the log file, extract the IPs and add them
 > in automatic.
 >
 > Davide
 >
Davide:

That would work, except for the fact that the firewall and webserver
are on different machines, and I really don't want to open access to
the webserver from the firewall like that for security reasons.

I'd rather have such relay attempts return a 404 error, as it should,
and be done with it.. At least then, when I parse the logfiles for
errors, I won't miss these, like I almost did.

Which goes back to my original question... What options in httpd.conf
do I have to set in order to prevent the 200's and have them come up
as 404's, or whatever the applicable reply should be?

73 de AI8W, Chris<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Config help... 

On 2004-11-11, sideband <AINO8SPAMW.TakeThisOut@cac.net> wrote:
 > That would work, except for the fact that the firewall and webserver

Look, the point is that _it_can_be_done_. There are no technical reason
to _not_do_it_, if _you_ don't want to do it, is your problem. End of
the matter. Just ignore them.

Davide

--
What's good for Standard Oil is good for Microsoft.<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Config help...