[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: apache allowing POSTs to offsite IP
- From: Kevin Weslowski <weslowsk accesscomm ca>
- To: seawolf-list redhat com
- Subject: Re: apache allowing POSTs to offsite IP
- Date: Sun, 18 May 2003 18:03:29 -0600
here is everything related to "proxy" in our conf file (with our IPs replaced with fake ones):
Snip:
-----------------
LoadModule proxy_module modules/libproxy.so
AddModule mod_proxy.c
#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
#<IfModule mod_proxy.c>
#ProxyRequests On
#
#<Directory proxy:*>
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#</Directory>
<IfModule mod_proxy.c>
ProxyRequests On
ProxyPass /servlet/ http://123.4.5.6:8888/servlet/
ProxyPassReverse /servlet/ http://123.4.5.6:8888/servlet/
ProxyPass /prts/ http://123.4.5.6:8888/prts/
ProxyPassReverse /prts/ http://123.4.5.6:8888/prts/
ProxyPass /coop/ http://123.4.5.6:8888/coop/
ProxyPassReverse /coop/ http://123.4.5.6:8888/coop/
</IfModule>
--------------
We are aware of the mod_proxy.c module; we've been using it but perhaps incorrectly; I assume we should uncomment the <Directory> block (and modify the block) relating to proxy.* so as to specify who can proxy, right? So, what I assume from the configuration I've shown is that we have ProxyRequests turned on, but we're not specifying who can proxy and who can't...which is why we're having the problems, right?
Kevin
"James P. Roberts" wrote:
> > > On Fri, 16 May 2003, Kevin Weslowski wrote:
> > >
> > > > Hi all,
> > > >
> > > > in my apache access logs, a someone has been POSTing (and succeeding)
> > > > through my server, to another IP, but to their port 25...there has been
> > > > reports from the ISP of the IP being attacked that WE have been spamming
> > > > them, which isn't true since we don't even have sendmail running or port
> > > > 25 open;
> > > >
> > > > snip:
> > > >
> > > > 66.164.26.66 - - [16/May/2003:16:23:28 -0600] "POST
> > > > http://142.165.49.56:25/ HTTP/1.1" 200 375
> > > > 66.164.26.66 - - [16/May/2003:16:23:28 -0600] "QUIT" 403 -
> > > > 66.164.26.66 - - [16/May/2003:16:27:21 -0600] "POST
> > > > http://142.165.49.6:25/ HTTP/1.1" 200 1008
> > > > 66.164.26.66 - - [16/May/2003:16:27:39 -0600] "POST
> > > > http://142.165.49.6:25/ HTTP/1.1" 200 1024
> > > > 66.164.26.66 - - [16/May/2003:16:27:58 -0600] "POST
> > > > http://142.165.49.6:25/ HTTP/1.1" 200 1000
> > > > 66.164.17.103 - - [16/May/2003:16:29:34 -0600] "POST
> > > > http://142.165.49.6:25/ HTTP/1.1" 200 1016
> > > > 66.164.17.103 - - [16/May/2003:16:30:07 -0600] "POST
> > > > http://142.165.49.6:25/ HTTP/1.1" 200 1016
> > > >
> > > > first, has any one seen these types of "proxy" POSTs? what do they mean?
> > > >
> > > > we've tried denying access to 66.164.* but he's still able to send the
> > > > POSTs...probably because they're not directed at my server...so I how do
> > > > I stop this "proxy" use of my (apache 1.3.27) server?
> > > >
> > > > any help would be much appreciated...thanks.
> > > >
> > > > Kevin
> > > > >
>
> >From the Apache website, version 1.3 docs:
> ( http://httpd.apache.org/docs/mod/directives.html )
>
> ProxyRequests directive
> Syntax: ProxyRequests on|off
> Default: ProxyRequests Off
> Context: server config, virtual host
> Override: Not applicable
> Status: Base
> Module: mod_proxy
> Compatibility: ProxyRequests is only available in Apache 1.1 and later.
> This allows or prevents Apache from functioning as a proxy server. Setting
> ProxyRequests to 'off' does not disable use of the ProxyPass directive.
>
> Warning: Do not enable proxying until you have secured your server. Open proxy
> servers are dangerous both to your network and to the Internet at large.
>
> Not to be mean or anything, but have you actually read any of the online
> Apache documentation? Took about 30 seconds via Google to find this. I would
> suggest a thorough review of your entire Apache configuration.
>
> Regards,
> Jim
>
> _______________________________________________
> Seawolf-list mailing list
> Seawolf-list redhat com
> https://www.redhat.com/mailman/listinfo/seawolf-list
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]