0

I have the following logs on my apache2. 

61.157.96.193 - - [10/Aug/2016:12:09:47 +0200] "GET http://50.117.47.67:43530/?rands=_11744130666812773703498720 HTTP/1.1" 200 11359 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
104.216.4.237 - - [02/Sep/2016:01:30:05 +0200] "GET http://104.216.4.237:8653/?rands=_130685931643406872390480 HTTP/1.1" 200 11359 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"

This should return a 404 response?

Sven
  • 98,649
  • 14
  • 180
  • 226
MarcosRua
  • 11

2 Answers2

1

You probably have mod_proxy enabled which allows the request to succeed. I'd disable the module if you don't use it.

Mugurel
  • 903
  • 1
  • 9
  • 17
0

If your Apache server is not configured to behave as a proxy it is going to ignore the protocol and hostname part of the GET request. Thus it will behave as if the client had requested:

/?rands=_11744130666812773703498720

The ? character indicates that the rest of the URL is parameters. Thus it should only produce a 404 code if there is no / on your server. Assuming / on your server does not look for a rands parameter the response will be the same as if the client had sent this request:

GET / HTTP/1.1
kasperd
  • 30,455
  • 17
  • 76
  • 124