Hi Paul:
Thanks for your post on /.
Okay, so perhaps you can explain in more detail how ok.txt lets a site check for open proxies?
You can always email me the answer (or a link) or just email me to let me know the answer’s been posted here, or post on /. (it’s all good).
Thanks
Tom
REF: http://slashdot.org/comments.pl?sid=112309&cid=9527805
Hi Tom,
It’s pretty simple – consider your browser going via a Web proxy server (usually is the case for most large isps). Your browser makes the request:
GET http://www.blah.com/default.htm HTTP/1.1
directly to the proxy. It then connects to http://www.blah.com and asks for default.htm which it then returns to you whilst keeping a copy for itself.
Then when the next guy asks for the same url it can serve it from its local cache.
Now when access controls are in place, it generally only works for known IP ranges (for that ISP), other connecting IPs get denied.
What slashdot is doing is connecting to (at least Ports 80 and 3128) and making a request for http://slashdot.org/ok.txt
If:
a) It gets "ok" back
b) It is a 200 OK instead of a 403 DENIED
c) The Headers show slashdot’s server details
then it is safe to say that the machine is an open relay, and I guess /. would take the appropriate action (or precautions).
Hope this helps,
Paul.