LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 03-31-2011, 04:52 AM   #1
romeo_tango
Member
 
Registered: Nov 2006
Distribution: Mint
Posts: 148

Rep: Reputation: 15
Disabling Apache mod_proxy Features


Hi,

I'm using CentOS 5 and just found out that there are people using my Apache Web Server as proxy (version 2.2.3 the OS's default).

I've checked out that my mod_proxy is already disabled but the unauthorized incoming request is still very large.

So I tried to compile an Apache from raw (2.2.17) just enabling mod_rewrite and then found out that the 'proxy' request is still there.

Tried httpd -l and here are the modules inside the Apache :

Code:
# /opt/apachew/bin/httpd -l
Compiled in modules:
  core.c
  mod_authn_file.c
  mod_authn_default.c
  mod_authz_host.c
  mod_authz_groupfile.c
  mod_authz_user.c
  mod_authz_default.c
  mod_auth_basic.c
  mod_include.c
  mod_filter.c
  mod_log_config.c
  mod_env.c
  mod_setenvif.c
  mod_version.c
  prefork.c
  http_core.c
  mod_mime.c
  mod_status.c
  mod_autoindex.c
  mod_asis.c
  mod_cgi.c
  mod_negotiation.c
  mod_dir.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_rewrite.c
  mod_so.c
There should be no mod_proxy but why should it still accepting proxy request? I checked the access_log file and still found "http://www.google.com" and so on.

My question is :
- How to block all the proxy request and only accepting the normal web server request? I also have tried to enable proxy in the previous Apache and then setting up "ProxyRequest Off" and Proxy * only from localhost but the request is still there.

I tried by myself using the webserver as proxy in browser and all the URLs I opened including the false URL will be redirected to my index.php and this should show me that 'you-can't-use-this-as-proxy-anymore' right?

Insane people still believe they could use my server and they keep trying and trying.

I couldn't block the IP addresses because some of them are using the mobile data (GPRS/UMTS) and that is our market for the website.

Please help.
 
Old 03-31-2011, 07:11 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
your config won't stop people making those requests per se, just what will be done with the requests. What is the consequence of doing it? I can request google.com from bing.com's servers if I want, but that doesn't mean they will give it to me. As long as you have ProxyRequests disabled (as per default) then that should get them nothing out of it. http://httpd.apache.org/docs/2.0/mod...#proxyrequests
 
Old 03-31-2011, 07:13 AM   #3
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,204
Blog Entries: 1

Rep: Reputation: 2059Reputation: 2059Reputation: 2059Reputation: 2059Reputation: 2059Reputation: 2059Reputation: 2059Reputation: 2059Reputation: 2059Reputation: 2059Reputation: 2059
Hi

First of all you should compile mod_proxy, because it could be used by mod_rewrite in some configurations. Using "ProxyRequest Off" should be enough to stop your server acting as a proxy.
Anyway, you can use mod_rewrite to stop proxy requests, like this:
Code:
RewriteEngine On

RewriteCond %{THE_REQUEST} ^GET\ http
RewriteRule (.*) - [F]
Regards
 
Old 03-31-2011, 10:00 AM   #4
romeo_tango
Member
 
Registered: Nov 2006
Distribution: Mint
Posts: 148

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by acid_kewpie View Post
your config won't stop people making those requests per se, just what will be done with the requests. What is the consequence of doing it? I can request google.com from bing.com's servers if I want, but that doesn't mean they will give it to me. As long as you have ProxyRequests disabled (as per default) then that should get them nothing out of it. http://httpd.apache.org/docs/2.0/mod...#proxyrequests
Hi, so you were saying that :
- It would be enough to set ProxyRequests off
- I can't do any single thing to user that want to use my server as 'proxy' eventhough it is not a proxy, right?

Okay then.
Thanks
 
Old 03-31-2011, 10:02 AM   #5
romeo_tango
Member
 
Registered: Nov 2006
Distribution: Mint
Posts: 148

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by bathory View Post
Hi

First of all you should compile mod_proxy, because it could be used by mod_rewrite in some configurations. Using "ProxyRequest Off" should be enough to stop your server acting as a proxy.
Anyway, you can use mod_rewrite to stop proxy requests, like this:
Code:
RewriteEngine On

RewriteCond %{THE_REQUEST} ^GET\ http
RewriteRule (.*) - [F]
Regards
hi,

I will try the script from you and see if it will be sufficient to stop the madness. The main cause of this madness is that because somebody already listed our IP address as 'open proxy' in their blog

Thanks for the suggestion..
 
Old 03-31-2011, 10:22 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
Quote:
Originally Posted by romeo_tango View Post
Hi, so you were saying that :
- It would be enough to set ProxyRequests off
- I can't do any single thing to user that want to use my server as 'proxy' eventhough it is not a proxy, right?

Okay then.
Thanks
well the point is you can't stop them, as they haven't done anything wrong in asking the question. there *might* be something a tool like fail2ban could do to block them, but i don't know if it can watch apache access logs - have a google. But in apache, no you can't do anything to stop them **TRYING** to do it, but you can stop it working. IF it even is working.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache mod_proxy and virtualhost dexznrl Linux - Server 1 11-03-2010 05:58 PM
Apache mod_proxy log mahmoud Linux - Software 1 06-07-2010 01:54 AM
about the URL when using Apache mod_proxy myhnet Linux - Newbie 0 06-24-2008 07:08 AM
Apache + Mod_proxy ProxyPass paul_mat Linux - Networking 2 04-14-2006 08:57 PM
Webmin Through Apache using mod_proxy... ech310n Linux - General 0 01-28-2004 04:12 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 03:32 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration