Re: Strange CONNECT entries in apache logs

[Thomas Jensen <securityfocus () obscure dk>]

Christine Kronberg wrote:

[status 200 on CONNECT]

>   I see the same, when people try to use my apache as proxy. But
>   my index page has always the same size (I do not alter each day :-) ).
>   The entries above show a big difference in the transferred bytes.

That is true, I didn't notice that.
However, a dynamic PHP page could vary quite a bit.
I think the sensible thing to do is to check in each case whether it's a 
misconfigured proxy or simply a PHP4 bug.
I almost paniced and shut down our webserver when I saw the entries in 
the log :-)

> > I have found several references to this being a PHP4 bug, which can
> > happen when you have an index.php file and a DirectoryIndex index.php
> > directive in you Apache conf.
>
>
>   As I don't have php, do you also see a hop in the transferred bytes?
>   Or is that stable?

It's mostly stable in my case - I can track the variations in size to 
the changes that I've made to the DB that drives the page.
But, on a blog type site, I whould imagine the variations would be 
bigger and more frequent.

Best regards
Thomas Jensen


----------------------------------------------------------------------------
----------------------------------------------------------------------------