Here is another one:
Code:84.19.189.188 - - [03/Jun/2007:16:39:19 +0100] "GET /192.168.1.1/ HTTP/1.0" 404 0 "" ""
Once a while I get this sort of entries in my web server log:
As you can notice, a packet has reached my web server from a legitimated Internet IP address out from my ISP network. What I do not get is the destination address "myasus". Sometimes I see the local (LAN) IP of my web server. How comes?Code:87.118.112.164 - - [02/Jun/2007:06:37:23 +0100] "UNKNOWN /myasus UNKNOWN" 400 0 "" ""
I guess it has something to do with NAT/port forwarding; if so, why some few packets appear this way instead of as it is expected, that is with the DNS or public IP address of my web server?
Last edited by Tamadite; 02-06-2007 at 21:17.
Here is another one:
Code:84.19.189.188 - - [03/Jun/2007:16:39:19 +0100] "GET /192.168.1.1/ HTTP/1.0" 404 0 "" ""
Solved!
These are legitimate packets.
EXPLANATION
===========
By using version 1.1 of HTTP the client is required to send a header field named "Host" which indicates the virtual host the request is aimed at. In the cases below, the client did not indicate it.
This is described in RFC2616 section 14.23.
SEVERITY
=======
These sorts of packets should not compromise the server.