varnish 2.15 - possible security exploit?
pom at dmsp.de
Tue Feb 22 15:22:27 CET 2011
Am 22.02.2011 15:10, schrieb Mike Franon:
> The reason why I am thinking that some sort of exploit might be going
> on is, looking at the varnish logs I was seeing some url's for domains
> we do not even own. I am not sure how get requests are coming through
> for not our own domain's? Majority of get are for us, but 10% or so
> are not
Varnish is generally only logging the host header of the http requests.
You can easily connect to some server using its ip address and transfer
some random host header for the http request itself. This can be easily
done by using wget or telnet for example. I am using this regularly for
testing purposes when updating some configuration on vhosts or stuff.
Therefore the strange domain names have nothing to do with some security
exploit, but this is simply another layer of connectiviy.
*Dipl.-Inform. Stefan Pommerening
Informatik-Büro: IT-Dienste & Projekte, Consulting & Coaching*
More information about the varnish-misc