Looks like they are requesting a filenamed "http://www.yahoo.com".

I'd go double check your links. If you have a link to yahoo somewhere, there might be an html error there. Look for something like:

<a href="/http://www.yahoo.com">...</a>

Where the browser could be requesting that as the filename.

If your site is configured just right, it is probably returning your index page. (does that size match up with your index page?)

Someone could have also linked to you wrong. Might double check if there is ever a referrer associated with it.

Is it always the same ip? Then it might be a link on the users local homepage and they botched the link.

Thanks for the reply, Brett.

There's no links to yahoo anywhere on the site.

The size of the home page is 6732 bytes, so that's what was served to them. Good sleuth, Brett.

"-" in the string indicates there is not a known referrer

It might also be someones bot trying to find your 404 page. Given where that ip ends up at, I'd guess a botched page link. English and html would be a second language over there.

GET [yahoo.com...] HTTP/1.1

This is how a proxy request for Yahoo's home page looks like. Someone is trying to use your web server as a proxy. I gets lots of those log entries; there appears to be many people scanning for open web proxies.

Looks like they are requesting a filenamed "http://www.yahoo.com".

No - the request would look like "GET /http://www.yahoo.com/ HTTP/1.1" (note the slash) if that was the case.

It depends on the browser and the actual html error spock.

You are saying there's a browser that will translate a link such as <a href="/http://... into a "GET [...."...] request? What browser is that?

Sure, there are some broken browsers out there, but I still think a proxy request is the most likely explanation for this. I get the exact same log entries even for small sites where I know all links to be correct.

>> people scanning for open web proxies

This is over my head. Would this be some kind of hackers or what? Why would they want someone else's web server to be a proxy server, and why for Yahoo's home page? Are they trying to spoof the referrer?

I could be either a malformed link or an open-proxy probe:

http://www.webmasterworld.com/http://www.mydomain.com/ [webmasterworld.com]

Jim

Why would they want someone else's web server to be a proxy server, and why for Yahoo's home page?

An open proxy server (that is, one that doesn't require authentication) can be used to conceal what address you are connecting from. There could be many reasons for wanting to do that - including hacking attempts, DoS attacks, and various other illegal acts. They're only using Yahoo for testing whether the proxy is open, it could just as well be any other site.

That sure opens my eyes, Spock, thanks.

Can I tell from the log file whether their attempt succeeded or failed?