Strange access requests

nginx

There is no reason for concern in the log entries you posted.

The first is a request for an image file that many browsers use as icon when displaying a page from your site or a bookmark.

The second request is an attempt to use your server as HTTP proxy. However it looks like your server just ignores the proxy part of that attempt and instead responds as if it had been a local site.

If you want to be certain, you can test it manually using telnet. Here is what it looks like on one of my servers:

$ telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET http://s1.bdstatic.com/r/www/cache/static/home/img/logos/nuomi_ade5465d.png HTTP/1.1
Host: s1.bdstatic.com

HTTP/1.1 404 Not Found

And here is what it looks like if I try to access the root of the domain:

$ telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET http://s1.bdstatic.com/ HTTP/1.1
Host: s1.bdstatic.com

HTTP/1.0 302 Moved Permanently

Both of the above were served by my default vhost.

In your case I would assume you have a default vhost configured to redirect everything to your actual domain.


Point of information -- we saw a few requests for this exact same URI (s1.bdstatic.com) come through one of our addresses a few days ago. So i'm reluctant to assume the request is benign, although it could just be someone using that image in a scan for open proxies.

125.64.35.67 1418849297 <internal> GET http://s1.bdstatic.com/r/www/cache/static/home/img/logos/nuomi_ade5465d.png HTTP/1.1
125.64.35.68 1418853519 <internal> GET http://s1.bdstatic.com/r/www/cache/static/home/img/logos/nuomi_ade5465d.png HTTP/1.1

It's a scan for open proxies. I've seen a few in the last couple of weeks.

125.64.35.68 - - [05/Jan/2015:03:54:36 -0500] "GET http://s1.bdstatic.com/r/www/cache/static/home/img/logos/nuomi_ade5465d.png HTTP/1.1" 403 254 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.3072; .NET CLR 2.0.50727; .NET CLR 3.0.30729; Tablet PC 2.0)"

Related

Can a PXE+DHCP server exist on one network and boot machines on another?
HAProxy returns Bad Request (Invalid Host) for seemingly no reason
EC2 instances can't reach each other
Escape dollar sign in postfix config file
Relay access denied (in reply to RCPT TO command) Postfix Issue
nginx loading page very slow
Postfix seems to send spam
Script for getting last reboot timestamp (2008r2)
Want to understand XFS strangeness
TLS 1.2 Not showing by default in Windows Server 2012 R2
DHCP: Create a scope within a scope
RHEL Nginx SSL versus non SSL performance huge difference.