Old 11-15-2004, 08:15 PM   #1
lhoff
Member
 
Registered: Jun 2001
Location: Chicago
Distribution: Mandrake 10.0 Official
Posts: 181

Rep: Reputation: 30
How do I secure an open relay?


I've noticed a lot of network traffic lately on my web server. The logs show the following:

212.43.68.156 - - [15/Nov/2004:13:23:55 -0600] "GET /fm_pxsc.html HTTP/1.0" 404 403
218.30.125.57 - - [15/Nov/2004:13:24:03 -0600] "GET http://www.betbrain.com/javascript/menu.js HTTP/1.0" 404 409
212.160.148.29 - - [15/Nov/2004:13:24:16 -0600] "HEAD http://www.sun.com/ HTTP/1.0" 200 -
220.117.242.6 - - [15/Nov/2004:13:24:24 -0600] "GET http://www.ccbbs.com/forumdisplay.php?fid=780\r HTTP/1.1" 404 407
218.30.125.57 - - [15/Nov/2004:13:24:38 -0600] "GET http://www.betbrain.com/javascript/menu.js HTTP/1.0" 404 409
66.215.20.6 - - [15/Nov/2004:13:24:43 -0600] "GET http://members.oliver-klozov.com/ HTTP/1.0" 200 56
66.215.20.6 - - [15/Nov/2004:13:24:43 -0600] "GET http://members.oliver-klozov.com/ HTTP/1.0" 200 56

As you can see, some of the entries show 200, or success. I want to configure my firewall (Shorewall), or Apache, to DROP packets requesting documents from other domains. I Googled "Apache Securing Open relay" but found nothing other than links to articles on securing SMTP relays -- which is not the problem. Any ideas?

I hope somebody can help and I thank you for your assistance.

Last edited by lhoff; 11-15-2004 at 08:17 PM.
 
Old 11-15-2004, 09:02 PM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
What you're talking about is an "open proxy", not an "open relay" (open relay is an e-mail term). Check to make sure making those requests to your site really does fetch the content from the other sites. If you have a default vhost it will respond with 200 to everything, but only show the default Apache "under construction" page. You can try it yourself by telnet'ing to your IP on port 80 and issuing the following:
Code:
GET / HTTP/1.0
Host: www.sun.com
If you get the information from www.sun.com, then you have big problems! You've seriously misconfigured mod_proxy, or perhaps someone has intentionally misconfigured it (for instance they could have exploited your box and quietly turned it into an open proxy).

If you get the default Apache page, that's what is expected.
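
Added example, not part of any post in this thread: a Python triage of the access-log lines quoted in the first post. It separates proxy-style requests (a full URL or CONNECT in the request line) that the server refused from those answered with 2xx/3xx, which still need the manual check described above. The CONNECT handling and the "refused"/"verify" labels are assumptions of this example.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "METHOD target protocol" status bytes
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)'
    r'(?: [^"]*)?" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# The seven access-log lines quoted in the first post of this thread.
SAMPLE_LOG = r'''212.43.68.156 - - [15/Nov/2004:13:23:55 -0600] "GET /fm_pxsc.html HTTP/1.0" 404 403
218.30.125.57 - - [15/Nov/2004:13:24:03 -0600] "GET http://www.betbrain.com/javascript/menu.js HTTP/1.0" 404 409
212.160.148.29 - - [15/Nov/2004:13:24:16 -0600] "HEAD http://www.sun.com/ HTTP/1.0" 200 -
220.117.242.6 - - [15/Nov/2004:13:24:24 -0600] "GET http://www.ccbbs.com/forumdisplay.php?fid=780\r HTTP/1.1" 404 407
218.30.125.57 - - [15/Nov/2004:13:24:38 -0600] "GET http://www.betbrain.com/javascript/menu.js HTTP/1.0" 404 409
66.215.20.6 - - [15/Nov/2004:13:24:43 -0600] "GET http://members.oliver-klozov.com/ HTTP/1.0" 200 56
66.215.20.6 - - [15/Nov/2004:13:24:43 -0600] "GET http://members.oliver-klozov.com/ HTTP/1.0" 200 56
'''

def is_proxy_style(method, target):
    """A request meant for this server names a path; CONNECT or a full URL asks it to proxy."""
    return method == "CONNECT" or re.match(r"[a-zA-Z][a-zA-Z0-9+.-]*://", target) is not None

def triage(log_text):
    """Split proxy-style requests into 'verify' (2xx/3xx) and 'refused' (everything else)."""
    report = {"refused": [], "verify": []}
    for line in log_text.splitlines():
        m = CLF.match(line.strip())
        if not m or not is_proxy_style(m["method"], m["target"]):
            continue  # unparsable line, or an ordinary request for a local path
        size = 0 if m["size"] == "-" else int(m["size"])  # "-" means no body was sent
        bucket = "verify" if m["status"][0] in "23" else "refused"
        report[bucket].append((m["ip"], m["target"], int(m["status"]), size))
    return report

def verify_summary(report):
    """Count 'verify' hits per (target, body size). A 2xx alone does not prove relaying:
    compare each size with the size of your own default page before concluding anything."""
    return Counter((target, size) for _ip, target, _status, size in report["verify"])

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{len(result['refused'])} refused, {len(result['verify'])} to verify")
    for (target, size), hits in verify_summary(result).most_common():
        print(f"{hits:3d}x  {size:6d} bytes  {target}")
```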
 
Old 11-16-2004, 10:48 AM   #3
lhoff
Member
 
Registered: Jun 2001
Location: Chicago
Distribution: Mandrake 10.0 Official
Posts: 181

Original Poster
Rep: Reputation: 30
Thanks!

How would I check that via SSH? (I do not have telnet running on that server.)

I assume the following:
Code:
ssh -p 80 192.168.x.x
GET / HTTP/1.0
www.sun.com
but that produces no response at all.

If I log in to the server's command line (user login, via ssh) and enter
Code:
GET / HTTP/1.0 www.sun.com
I do get sun output, but I don't think I'm getting it through Apache. So, I'm confused.

Also, this is my proxy directive:
Code:
<Proxy *>
   Order Deny,Allow
   Deny from all
</Proxy>
ProxyRequests off
Thanks for your assistance!

Last edited by lhoff; 11-16-2004 at 10:51 AM.
 
Old 11-16-2004, 07:21 PM   #4
bignerd
Member
 
Registered: Nov 2004
Distribution: FC1, Gentoo, Mdk 8.1, RH7-8-9, Knoppix, Zuarus rom 3.13
Posts: 98

Rep: Reputation: 15
No. He's saying use your telnet CLIENT to connect to your http SERVER. http is just plain text after all. Telnet client will talk with it. You don't need a telnet server running. Using a telnet client you can issue commands (well requests) to the apache server that you normally can not do with a stoopid browser.

$ telnet www.mylameapacheserver.com 80

then type the commands.

-b
 
  

