Sonntag, 19. April 2015


Since the starting of the honeypot I have seeen many "CONNECT <url>" entrys within the access.log file. Now, after doing a bit of investigation, these commands belongs to mod_proxy and can be used to force a GET of the url via your server if the mod_proxy module is used.

Beloved targets according to my log files are:
 According to the link above, you should run mod_proxy only if your system is hardened.