Benn,
I guess my explanation wasn't clear enough, so I'll try again.
That value is not coming from anywhere in your server's configuration - it
has nothing to do with proxy_pass or anything else. It is the value of the
"Referer" header that is in the incoming request.
First, are these log lines from requests that you are making to the server
yourself, or are they coming from someone else?
If it is your own traffic, where are you making your requests from? Is it a
page in a web browser, or is it some other tool?
If it is a web browser, that is usually the URL of the web page that is
open in the browser. For example, if I have a website at `
example.com/page.html` with a form on it that submits to your server, the
value in that place in the logs will be `https://example.com/page.html` so
that your server can see where the request came from.
Moshe
On Thu, Jun 3, 2021 at 1:18 PM Benn Boulton <bboulton@skippingstone.com>
wrote:
> Hello Moshe,
>
>
>
> Thanks for the reply. I guess I was not clear enough in my post. I know
> the /cr-bin/mp.exe is part of the POST request.
>
> What I do not understand is where the gmer3.itd.sterling.com/home.htm
> is coming from. It is not my proxy_pass value.
>
> It is not part of the POST request or part of the nginx proxy_pass or any
> thing I can find in my configuration.
>
>
>
> Is my post being sent to both my proxy_pass value and this site in the
> log? Do I have a hacked nginx?
>
>
>
> -Benn
>
>
>
> *From:* nginx <nginx-bounces@nginx.org> *On Behalf Of *Moshe Katz
> *Sent:* Thursday, June 3, 2021 12:14 PM
> *To:* nginx@nginx.org
> *Subject:* Re: gmer3.itd.sterling.com/home.htm in the access log
>
>
>
> Benn,
>
>
>
> That part of the log is not the request URL, it is the referrer header.
> The path that was requested on your server is before that - a POST request
> to "/cr-bin/mp.exe". The referrer (which the HTTP standard actually
> misspells as "referer") is the web page that is making this request to your
> server.
>
>
>
> Moshe
>
>
>
> On Thu, Jun 3, 2021 at 12:08 PM Benn Boulton <bboulton@skippingstone.com>
> wrote:
>
> Hello,
>
> I have just installed the NGINX service to help rate limit connections to
> my Apache server on Windows.
>
> NGNIX 1.19.10 on Windows 10 64 bit
>
>
>
> Everything seems to be working fine but I am getting access log entries
> that I do not understand for the pages I am redirecting.
>
> I am running a process that posts to the server. NGNIX is processing the
> request and passing it to the destination server but it is not
> gmer3.itd.sterling.com/home.htm
> https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct
> as shown in the access log entries below.
>
> Any Idea why
>
> 127.0.0.1 - t_skipstone [03/Jun/2021:10:30:07 -0400] "POST /cr-bin/mp.exe
> HTTP/1.1" 200 569 "gmer3.itd.sterling.com/home.htm
> https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct"
> "brow v1.0 CCI"
>
> 127.0.0.1 - t_skipstone [03/Jun/2021:10:31:07 -0400] "POST /cr-bin/mp.exe
> HTTP/1.1" 200 569 "gmer3.itd.sterling.com/home.htm
> https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct"
> "brow v1.0 CCI"
>
> 127.0.0.1 - t_skipstone [03/Jun/2021:10:33:35 -0400] "POST /cr-bin/mp.exe
> HTTP/1.1" 200 569 "gmer3.itd.sterling.com/home.htm
> https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct"
> "brow v1.0 CCI"
>
> 127.0.0.1 - t_skipstone [03/Jun/2021:10:37:42 -0400] "POST /cr-bin/mp.exe
> HTTP/1.1" 200 569 "gmer3.itd.sterling.com/home.htm
> https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct"
> "brow v1.0 CCI"
>
> 127.0.0.1 - t_skipstone [03/Jun/2021:10:55:03 -0400] "POST /cr-bin/mp.exe
> HTTP/1.1" 200 569 "gmer3.itd.sterling.com/home.htm
> https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct"
> "brow v1.0 CCI"
>
> 127.0.0.1 - t_skipstone [03/Jun/2021:10:56:34 -0400] "POST /cr-bin/mp.exe
> HTTP/1.1" 200 569 "gmer3.itd.sterling.com/home.htm
> https://url.emailprotection.link/?bD5H3QzZ3V5r-EeQ1owgpRQF9oV5l2NRIm985JaimcuSK9Ouf7HkyYPBjb_5XEDTDFQOhTH2rYvU2h1CLfmBEfM8_cgt7-mqSW8-5oZbZzhsOjFEa1jMAMRarOyYb8wct"
> "brow v1.0 CCI"
>
>
>
> Thanks
>
> *Benn *
>
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
> https://url.emailprotection.link/?b0r-C9_AUw48-Ch5rHbhyfCAxCuaEcGez1jSw3TSmi_yMSerkqszEs29ZeJ-9XHhKXFPzhIWSbHbDCNUmj6Tzf9mgNn_Pt2ohe5UJSMuWw0QP3IvnnyCmFlsv4r_rtY2d
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
