In my access logs i have some requests like so:
[18/Dec/2014:10:07:51 +0300] "GET /favicon.ico HTTP/1.1" 301 184 "-" "Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20110814 Firefox/6.0 Google favicon"
[18/Dec/2014:11:35:11 +0300] "GET http://s1.bdstatic.com/r/www/cache/static/home/img/logos/nuomi_ade5465d.png HTTP/1.1" 301 184 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.3072; .NET CLR 2.0.50727; .NET CLR 3.0.30729; Tablet PC 2.0)"
what's this? Should I be concerned about security?
Answer
There is no reason for concern in the log entries you posted.
The first is a request for an image file that many browsers use as icon when displaying a page from your site or a bookmark.
The second request is an attempt to use your server as HTTP proxy. However it looks like your server just ignores the proxy part of that attempt and instead responds as if it had been a local site.
If you want to be certain, you can test it manually using telnet. Here is what it looks like on one of my servers:
$ telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET http://s1.bdstatic.com/r/www/cache/static/home/img/logos/nuomi_ade5465d.png HTTP/1.1
Host: s1.bdstatic.com
HTTP/1.1 404 Not Found
And here is what it looks like if I try to access the root of the domain:
$ telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET http://s1.bdstatic.com/ HTTP/1.1
Host: s1.bdstatic.com
HTTP/1.0 302 Moved Permanently
Both of the above were served by my default vhost.
In your case I would assume you have a default vhost configured to redirect everything to your actual domain.
No comments:
Post a Comment