varnish 2.15 - possible security exploit?

Stefan Pommerening pom at dmsp.de
Tue Feb 22 15:22:27 CET 2011


Am 22.02.2011 15:10, schrieb Mike Franon:
> The reason why I am thinking that some sort of exploit might be going
> on is, looking at the varnish logs I was seeing some url's for domains
> we do not even own.  I am not sure how get requests are coming through
> for not our own domain's?  Majority of get are for us, but 10% or so
> are not

Varnish is generally only logging the host header of the http requests. 
You can easily connect to some server using its ip address and transfer 
some random host header for the http request itself. This can be easily 
done by using wget or telnet for example. I am using this regularly for 
testing purposes when updating some configuration on vhosts or stuff.

Therefore the strange domain names have nothing to do with some security 
exploit, but this is simply another layer of connectiviy.

Stefan

-- 

*Dipl.-Inform. Stefan Pommerening
Informatik-Büro: IT-Dienste & Projekte, Consulting & Coaching*
http://www.dmsp.de <http://www.dmsp.de/>





More information about the varnish-misc mailing list