Access log:
140.205.201.35 - 1 [12/Apr/2017:16:52:08 +0800] "GET /admin/ HTTP/1.1" 404 564 "http://123.56.101.23/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;Alibaba.Security.Heimdall.5448812)"
140.205.201.35 - 1 [12/Apr/2017:16:52:13 +0800] "GET / HTTP/1.1" 302 16 "http://123.56.101.23/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;Alibaba.Security.Heimdall.5448812)"
221.222.55.62 - - [12/Apr/2017:17:03:45 +0800] "GET /favicon.ico HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
107.151.148.193 - - [12/Apr/2017:17:21:12 +0800] "GET http://www.luisaranguren.com/azenv.php HTTP/1.1" 404 564 "-" "Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/5.0)"
107.151.148.193 - - [12/Apr/2017:17:21:12 +0800] "CONNECT www.baidu.com:443 HTTP/1.1" 400 166 "-" "-"
171.120.27.117 - - [12/Apr/2017:17:21:41 +0800] "CONNECT www.baidu.com HTTP/1.1" 400 166 "-" "-"
116.113.51.148 - - [12/Apr/2017:17:21:41 +0800] "GET http://www.123cha.com HTTP/1.1" 302 16 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.132 Safari/537.36"
116.113.51.148 - - [12/Apr/2017:17:21:44 +0800] "" 400 0 "-" "-"
23.251.55.159 - - [12/Apr/2017:17:37:30 +0800] "GET http://fr.cyberpods.net/ HTTP/1.1" 302 16 "-" "Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/5.0)"
23.251.55.159 - - [12/Apr/2017:17:37:31 +0800] "CONNECT www.alipay.com:443 HTTP/1.1" 400 166 "-" "-"
123.57.10.148 - - [12/Apr/2017:17:49:19 +0800] "GET / HTTP/1.1" 302 16 "-" "-"
221.222.55.62 - - [12/Apr/2017:17:50:41 +0800] "GET /favicon.ico HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
What do these accesses mean??? This is nginx’s access.log
My question is how to do CONNECT www.baidu.com?
besides
23.251.55.159 - - [12/Apr/2017:17:37:30 +0800] "GET http://fr.cyberpods.net/ HTTP/1.1" 302 16 "-" "Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/5.0)"
23.251.55.159 - - [12/Apr/2017:17:37:31 +0800] "CONNECT www.alipay.com:443 HTTP/1.1" 400 166 "-" "-"
How are these done?
Check the agent. If you search for "crawler proxy", there will be a lot of free or paid proxy server addresses, just like this.
This is the log format http://blog.chinaunix.net/uid...
GET and POST are request methods
/admin/ Requested resource address
HTTP/1.1 HTTP protocol version
404 is HTTP status code
user-agent browser information starting with Mozilla/4.0
Can be explained by comparing the set log_format