I run a website, let's say www.example.com. On it I have a path and file, say www.example.com/path/file.html.
The Apache log lists GET requests like: GET /path/file.html HTTP/1.1
Which is correct, corresponding to www.example.com/path/file.html; such lines result in a 200 status code and everything's good.
But then I have other entries:
GET http://www.example.com/path/file.html HTTP/1.1
or
GET http://www.othersite.net/ HTTP/1.1
Which would correspond to something like http://www.example.com/http://www.example.com/path/file.html or http://www.example.com/http://www.othersite.net/ which does not exist (My server returns a 404 for these.).
These requests are always from far away (Italy, Latvia, ...) while actual users of my website are invariably local. What are these? Is there any particular reason for these requests? Have others seen these happen?
It's been going on for at least a year and it's continuous (though I'm not being flooded).
They are not transparent attacks such as:
GET //mysql-admin/ HTTP/1.1 or GET /webdav/test HTTP/1.1