I'm concerned about this entry because it has a 301 to a Comcast IP, and I only have 301s set up to my own domain.
So how could my server issue a 301 to an outside domain?
67.191.231.135 - - [26/Nov/2005:21:55:14 -0500] "GET htt*://66.56.42.185/ HTTP/1.1" 301 338 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
There was only one hit like this on that day, but it looks dodgy.
Any advice?
*Edited* to break the http link.
You have made contact with the beacon GET / HTTP/1.1 Host:66.56.42.185
Followed by a wedge of data about my browser (that the WebmasterWorld board software can't accept)
67.191.231.135 in a browser shows an Apache Red Hat Linux test page
Both these IPs whois show a comcast.com address
How can my server issue a 301 without being directed by me to do so?
That is the question...
This is a request to use your server as a proxy, and based on the servers at both ends of the chain, I'd say it was a scan to find out if your server can be used as a proxy, rather than someone trying to use it to surf anonymously. They probably build and publish lists of open proxies, and your server was tested and found to be a 'maybe'.
However, there's no evidence that the connection was made unless you see a second request to that IP-based URL with a 200-OK response. All evidence indicates that the request was made to either your non-canonical domain name or to your server's IP address, and that your server then redirected that request to your canonical domain. The lack of a second request indicates that the proxy-tester elected not to follow that redirect (It is up to the client to follow an external redirect, and in this case, it didn't).
You should test your server yourself to see what happens if you request www.yourdomain.com/http://yahoo.com/ or similar. If you get connected to yahoo, then you need to take immediate action to disable the use of your server as an open proxy.
Using Apache mod_rewrite, something like:
# BLOCK attempts to use our server as a proxy, but allow absolute URIs for our domain
RewriteCond %{THE_REQUEST} ^(GET|HEAD|POST)\ /?http:// [NC]
RewriteCond %{THE_REQUEST} !^(GET|HEAD|POST)\ /?http://(www\.)?example\.com/
RewriteRule .* - [F]
Jim
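The log check described in the reply above, as an added example that is not part of the original thread: it scans Apache combined-format log lines for absolute-URI requests naming a foreign host and sorts them by response status. The `OWN_HOSTS` values, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Apache combined log format: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# Request target that is an absolute URI, with or without a leading slash.
ABS_URI_RE = re.compile(r'^/?https?://(?P<host>[^/:]+)', re.IGNORECASE)

OWN_HOSTS = {"example.com", "www.example.com"}  # assumption: your own names

def classify(line, own_hosts=OWN_HOSTS):
    """Return None for ordinary traffic, else (client, host, status, verdict)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    uri = ABS_URI_RE.match(m["target"])
    if not uri or uri["host"].lower() in own_hosts:
        return None
    status = int(m["status"])
    if status == 200:
        # Either the request was relayed, or the server ignored the foreign
        # host and served its own page; compare response size to find out.
        verdict = "investigate"
    elif 300 <= status < 400:
        verdict = "redirected"  # answered locally, e.g. canonical-host 301
    else:
        verdict = "refused"     # 403/404 and similar
    return (m["client"], uri["host"], status, verdict)

def scan(lines):
    """Collect every foreign absolute-URI request found in the log lines."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation addresses, not from a real log).
SAMPLE = [
    '192.0.2.10 - - [26/Nov/2005:21:55:14 -0500] "GET http://198.51.100.7/ HTTP/1.1" 301 338 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [26/Nov/2005:21:55:20 -0500] "GET http://198.51.100.7/ HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '192.0.2.11 - - [26/Nov/2005:22:01:02 -0500] "GET /http://yahoo.com/ HTTP/1.1" 403 210 "-" "Mozilla/4.0"',
    '192.0.2.12 - - [26/Nov/2005:22:03:40 -0500] "GET http://www.example.com/page.html HTTP/1.1" 200 900 "-" "Mozilla/4.0"',
    '192.0.2.13 - - [26/Nov/2005:22:04:00 -0500] "GET /index.html HTTP/1.1" 200 900 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit)
```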
So when I asked the following, I was misreading what had happened. My domain didn't redirect to comcast, (66.56.42.185) but to www.mydomain.com as it is supposed to.
So how could my server issue a 301 to an outside domain?
67.191.231.135 - - [26/Nov/2005:21:55:14 -0500] "GET htt*://66.56.42.185/ HTTP/1.1" 301 338 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
There was only one hit like this on that day, but it looks dodgy.
I'll alert my host, to get that 'maybe' altered to a 403 response at the server configuration level, if it clearly isn't already. No use just doing it on my account alone.
Ran the check, and I was OK.
Ta!