Why are external domains appearing in my apache logs?
I've got several log entries that refer to an external domain - mainly a Russian search engine (http://www.yandex.ru/)
How are these appearing in my logs?
82.146.58.53 - - [10/Jun/2010:00:49:11 +0000] "GET http://www.yandex.ru/ HTTP/1.0" 200 8859 "http://www.yandex.ru/" "Opera/9.80 (Windows NT 5.1; U; ru) Presto/2.5.22 Version/10.50"`
82.146.59.209 - - [10/Jun/2010:01:54:10 +0000] "GET http://www.yandex.ru/ HTTP/1.0" 200 8859 "http://www.yandex.ru/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2"`
82.146.41.7 - - [10/Jun/2010:02:55:34 +0000] "GET http://www.yandex.ru/ HTTP/1.0" 200 8859 "http://www.yandex.ru/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1045 Safari/532.5"
125.45.109.166 - - [09/Jun/2010:11:04:17 +0000] "GET http://proxyjudge1.proxyfire.net/fastenv HTTP/1.1" 404 1010 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
Solution 1:
The probes are by crackers looking for open proxies: some (badly configured) reverse proxies will connect to any domain, not just the domain they're supposed to be serving. They are trying to use your server to connect to and abuse another site.
Solution 2:
Anyone can connect to a webserver and request any url they wish from any host. It'll then turn up in your log. An example,
$ nc www.whateveryourdomainishere.com 80
GET / HTTP/1.1
host: www.asdfasdfasdfsdafsdf.com
Will get you an entry in your apache log for www.asdfasdfasdfsdafsdf.com