3

I got a strange in apache access_log

117.86.199.18 - - [27/Jul/2014:10:42:10 +0200] "GET http://hotel.qunar.com/render/hoteldiv.jsp?&__jscallback=XQScript_4 HTTP/1.1" 302 256

It looks that somebody/something is trying to use my server as proxy. The question: is this dangerous? There is a way to forbid using my web server as a proxy?

gdm
  • 419
  • 2
  • 5
  • 15
  • 3
    Yes, and your server 302 directs it somewhere else. What is your question? – faker Jul 27 '14 at 18:34
  • As per @faker - there is nothing obviously sinister here. Your server is not being used as a proxy. Possibly someone doing some kind of migration. This is not really a question for serverfault. – davidgo Jul 28 '14 at 19:53
  • This sort of question comes up regularly. [Here](http://serverfault.com/questions/395775/could-this-server-log-mean-my-server-is-being-used-as-a-proxy) [are](http://serverfault.com/questions/605343/my-webserver-is-getting-flooded-with-invalid-requests) [four](http://serverfault.com/questions/582084/is-my-apache-server-under-attack) [examples](http://serverfault.com/questions/303095/strange-request-in-access-log-how-to-block). Spammers are always looking for open proxies. As long as your server is not acting as a proxy, it's probably no threat. – Ladadadada Nov 25 '14 at 11:52

1 Answers1

3

This is a common scan looking for open web proxies. If you are not running one, you don't need to worry about this.

If you don't know if you are running one, you probably aren't, since you'd have to explicitly configure it. In apache, that would mean an active <Proxy> configuration directive in an active httpd.conf file or include.

Falcon Momot
  • 24,975
  • 13
  • 61
  • 92