So I've taken a more in-depth approach to inspecting my server traffic lately, and have noticed quite a few more exploit attempts than I had imagined. I came across one that I can't explain.
ip.ip.ip.ip - - [29/Apr/2016:06:37:45 -0400] "GET http://g-ecx.images-amazon.com/images/G/01/x-locale/common/transparent-pixel._CB386942464_.gif HTTP/1.0" 301 572 "-" "-" The IP sends a GET request to Amazon, and also a Polish proxy site. I want to make absolutely certain that my box isn't going out to get the remote page and then returning it to the one requesting this, as that doesn't seem very bandwidth friendly. Also, can anyone explain how one would send a GET request that specifies a remote page? I have a pretty good understanding of REST and headers, but I can't seem to get any Google results on how this could be possible.
[link] [comments]