mcirl2 Posted February 13, 2009 Share Posted February 13, 2009 Hi, I have set up an intranet for a client and I am using Apache Web Server (mod_proxy) for https. However, the problem is that my Hosting Provider (We have a dedicated machine) emailed me and said that the proxy had been used / is being used by spammers. I immediately shut down apache and now I am trying to fix the problem. How do you secure the proxy so it is not an "Open Proxy". I cannot restrict access to one ip / range of ip addresses as the users need access from anywhere (most employees work off site). This is what the our provider told us in the email: We have found that portal.xyz.com (port 80) is working as unsecure open HTTP_POST proxy. We would ask that you immediately investigate this issue and take the necessary steps to close it down. Has anyone come across this / an idea how to secure it. Any advice would be much appreciated. thanks in advance, Mike Quote Link to comment https://forums.phpfreaks.com/topic/145093-mod_proxy-security-problem/ Share on other sites More sharing options...
corbin Posted February 13, 2009 Share Posted February 13, 2009 You could limit the sites that it allows access to. Don't remember the directive to do that, but it should be in the documentation. Quote Link to comment https://forums.phpfreaks.com/topic/145093-mod_proxy-security-problem/#findComment-761424 Share on other sites More sharing options...
mcirl2 Posted February 13, 2009 Author Share Posted February 13, 2009 Hi, Thanks for the instanteous reply !! Very much appreciated. I will go find it and post back the solution (hopefully) as this has had me puzzled for a while. Thanks a lot, Mike Quote Link to comment https://forums.phpfreaks.com/topic/145093-mod_proxy-security-problem/#findComment-761434 Share on other sites More sharing options...
mcirl2 Posted February 13, 2009 Author Share Posted February 13, 2009 Hi, I think I have sorted it but not 100%. I went the documentation at http://httpd.apache.org/docs/2.0/mod/mod_proxy.html#proxyrequests and because my I am using a reverse proxy pass I don't need "ProxyRequests On" so I changed this to "ProxyRequests Off" Is there anywhere I can test to see if my proxy is secure as I would rather know before getting another angry email from my hosting provider. Regards, Mike Quote Link to comment https://forums.phpfreaks.com/topic/145093-mod_proxy-security-problem/#findComment-761462 Share on other sites More sharing options...
corbin Posted February 13, 2009 Share Posted February 13, 2009 Well, you could send it a couple raw headers. Just use telnet or something similar: telnet nameoripofyourproxy.com 80 Then, once it connects, type something like: GET http://google.com/ HTTP/1.1 Host: google.com (Note that you will need to hit enter twice after the Host: line.) Then, you could replace GET with POST to check POSTing. Quote Link to comment https://forums.phpfreaks.com/topic/145093-mod_proxy-security-problem/#findComment-761483 Share on other sites More sharing options...
mcirl2 Posted February 13, 2009 Author Share Posted February 13, 2009 Hi, I tested doing the above telnet with the ProxyRequests On and then ProxyRequests Off When ProxyRequests was OFF and I did the post command, I got this: HTTP/1.1 301 Moved Permanently Date: Fri, 13 Feb 2009 19:03:41 GMT Server: Apache-Coyote/1.1 Location: /c;jsessionid=A2ABE5ABDFF8A8E5 Content-Type: text/html Content-Length: 198 Set-Cookie: JSESSIONID=A2ABE5ABDFF8A8E54 <body onload="javascript: location.repla </html>C1C')"> Connection to host lost. C:\Documents and Settings\Administrator> I then proceedeed to test with ProxyRequests On and I got this: HTTP/1.1 411 Length Required Date: Fri, 13 Feb 2009 19:07:09 GMT Server: GFE/1.3 Content-Type: text/html; charset=UTF-8 Content-Length: 1363 Connection: close <html><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <t itle>411 Length Required</title> <style><!-- body {font-family: arial,sans-serif} d iv.nav {margin-top: 1ex} div.nav A {font-size: 10pt; font-family: arial,sans-seri f} span.nav {font-size: 10pt; font-family: arial,sans-serif; font-weight: bold} di v.nav A,span.big {font-size: 12pt; color: #0000cc} div.nav A {font-size: 10pt; co lor: black} A.l:link {color: #6f6f6f} A.u:link {color: green} //--></style> <script> <!-- var rc=411; //--> </script> </head> <body text=#000000 bgcolor=#ffffff> <table bo rder=0 cellpadding=2 cellspacing=0 width=100%><tr><td rowspan=3 width=1% nowrap> <b><font face=times color=#0039b6 size=10>G</font><font face=times color=#c41200 size=10>o</font><font face=times color=#f3c518 size=10>o</font><font face=times color=#0039b6 size=10>g</font><font face=times color=#30a72f size=10>l</font><f ont face=times color=#c41200 size=10>e</font> </b> <td> </td></tr > <tr><td bgcolor="#3366cc"><font face=arial,sans-serif color="#ffffff"><b>Error< /b></td></tr> <tr><td> </td></tr></table> <blockquote> <H1>Length Required</H1 > POST requests require a <code>Content-length</code> header. <p> </blockquote> <tab le width=100% cellpadding=0 cellspacing=0><tr><td bgcolor="#3366cc"><img alt="" width=1 height=4></td></tr></table> </body></html> Connection to host lost. C:\Documents and Settings\Administrator> I dont really know much about telnet so does this show that it is secure when ProxyRequests is OFF? Thanks for all your help. Thanks, Mike Quote Link to comment https://forums.phpfreaks.com/topic/145093-mod_proxy-security-problem/#findComment-761515 Share on other sites More sharing options...
corbin Posted February 13, 2009 Share Posted February 13, 2009 Hrmmm, if I'm reading that correctly it should be ;p. Quote Link to comment https://forums.phpfreaks.com/topic/145093-mod_proxy-security-problem/#findComment-761527 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.