LinuxQuestions.org
12-16-2004, 10:10 AM   #1
whitetux
LQ Newbie
 
Registered: Feb 2004
Distribution: Gentoo, Red Hat, SuSE
Posts: 10

Rep: Reputation: 0
Use Apache for IIS proxy?


I have a client who runs an IIS webserver on Windows 2000 and their webserver has been compromised (before I was called). They were compromised because they were not patched.

I can't guarantee they will stay up to date with their patches and I can't speak for Microsoft getting their patches out 0 day.

I am thinking of using an Apache webserver on a Linux box in proxy mode that will listen to requests and retrieve pages from the IIS server behind the firewall.

Does this sound like a good solution? The Apache server will re-write requests without the exploited requests, correct?

Thanks
WT
 
12-17-2004, 12:19 PM   #2
whitetux
LQ Newbie
 
Registered: Feb 2004
Distribution: Gentoo, Red Hat, SuSE
Posts: 10

Original Poster
Rep: Reputation: 0
hmmm 24 hours and no one has comments?
 
12-17-2004, 05:02 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Want your money back?

I've never actually tried that so this is speculation, but I would guess it depends on the type of attack and also how you plan on rewriting the requests. For example, a simple overflow like GET htttp://somefiles.AAAAAAAAAAAAAAAAAAAAAAAAAAA would probably make it through, as Apache couldn't tell the difference between it and legitimate requests; Unicode stuff would probably go through too. To be effective though, Apache would need to truly re-write the requests rather than just forward them. It would probably work best using a module like mod_security that is designed to filter out weird URLs like malformed and escaped requests upstream of the Apache core. Personally, I think a true proxy like squid or ZORP would probably work the best (that's part of what they're designed to do).
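
The difference between forwarding and filtering described in the reply above, as an added sketch that is not part of the thread and is not code from Apache, mod_security, Squid or Zorp: a Python check that a filtering proxy could run on each request line before passing it to the backend. The function name, length limit, method list and sample requests are assumptions made for illustration, and the UTF-8 check assumes the site's URLs are ASCII or UTF-8.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumed policy values for this sketch; tune them to the site being protected.
MAX_TARGET_LEN = 2048
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST"}
BAD_PERCENT = re.compile(rb"%(?![0-9A-Fa-f]{2})")  # '%' not followed by two hex digits
STILL_ESCAPED = re.compile(rb"%[0-9A-Fa-f]{2}")    # escape left after one decode pass


def check_request_line(line: bytes):
    """Return (allowed, reason) for one raw HTTP request line."""
    parts = line.rstrip(b"\r\n").split(b" ")
    if len(parts) != 3:
        return False, "malformed request line"
    method, target, version = parts
    if method not in ALLOWED_METHODS:
        return False, "method not allowed"
    if version not in (b"HTTP/1.0", b"HTTP/1.1"):
        return False, "unsupported version"
    if len(target) > MAX_TARGET_LEN:
        return False, "target too long"
    if not target.startswith(b"/"):
        return False, "not origin-form"
    if BAD_PERCENT.search(target):
        return False, "invalid percent-encoding"
    # Decode the path once, as the backend will, and inspect the decoded bytes.
    decoded = unquote_to_bytes(target.split(b"?", 1)[0])
    if STILL_ESCAPED.search(decoded):
        return False, "double-encoded path"
    if any(b < 0x20 or b == 0x7F for b in decoded):
        return False, "control byte in path"
    try:
        decoded.decode("utf-8")  # strict decoding also rejects overlong forms
    except UnicodeDecodeError:
        return False, "invalid UTF-8 in path"
    return True, "ok"


# Constructed sample request lines (not captured traffic).
SAMPLES = [
    b"GET /index.html HTTP/1.1",
    b"GET /" + b"A" * 5000 + b" HTTP/1.1",
    b"GET /a%c0%afb HTTP/1.1",
    b"GET /a%252eb HTTP/1.1",
    b"GET /a%zz HTTP/1.1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:40], check_request_line(sample))
```

A proxy that only forwards applies none of these checks, so every sample above would reach the backend unchanged.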
 
12-18-2004, 11:36 AM   #4
whitetux
LQ Newbie
 
Registered: Feb 2004
Distribution: Gentoo, Red Hat, SuSE
Posts: 10

Original Poster
Rep: Reputation: 0
Hey thank you for the reply, I will cancel my refund request!

Good info, appreciated. I run squid as a cache to fetch requests for the internal networks so I am somewhat familiar with it. Since squid has lots of 3rd party plugins I would think this would be a great solution. I will research it as a rewrite proxy and post with my findings.

Would Apache's mod_rewrite do the trick also?
 
  

