Mod_Proxy security problem


mcirl2

Hi,

 

I have set up an intranet for a client and I am using Apache Web Server (mod_proxy) for https.

 

However, the problem is that my Hosting Provider (We have a dedicated machine) emailed me and said that the proxy had been used / is being used by spammers.

 

I immediately shut down apache and now I am trying to fix the problem.

 

How do you secure the proxy so it is not an "Open Proxy"? I cannot restrict access to one IP / range of IP addresses as the users need access from anywhere (most employees work off site).

 

This is what our provider told us in the email:

 

We have found that portal.xyz.com (port 80) is working as unsecure open

HTTP_POST proxy.  We would ask that you immediately investigate this issue

and take the necessary steps to close it down.

 

Has anyone come across this / an idea how to secure it?

 

Any advice would be much appreciated.

 

thanks in advance,

 

Mike

 

 


Hi,

 

I think I have sorted it but not 100%.

 

I went to the documentation at http://httpd.apache.org/docs/2.0/mod/mod_proxy.html#proxyrequests and because I am using a reverse proxy pass I don't need "ProxyRequests On", so I changed this to "ProxyRequests Off".

 

Is there anywhere I can test to see if my proxy is secure, as I would rather know before getting another angry email from my hosting provider?

 

Regards,

 

Mike

 

 


Well, you could send it a couple of raw headers.

 

Just use telnet or something similar:

 

 

telnet nameoripofyourproxy.com 80

 

Then, once it connects, type something like:

 

GET http://google.com/ HTTP/1.1

Host: google.com

 

(Note that you will need to hit enter twice after the Host: line.)

 

Then, you could replace GET with POST to check POSTing.

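The telnet check described above, as an added self-test script for your own server (not code from the thread or from the Apache project): it sends the same absolute-URI request and decides from the reply whether the request stayed local or was relayed, the way the two captures later in this thread differ. The sample replies, the `own_servers` default and the classification rules are assumptions of mine.

```python
import socket

# Constructed sample replies, modelled on the two captures later in this thread: a 301
# from the site's own Tomcat (ProxyRequests Off) and a 411 from Google's front end (On).
LOCAL_REPLY = (b"HTTP/1.1 301 Moved Permanently\r\nServer: Apache-Coyote/1.1\r\n"
               b"Location: /c\r\nContent-Length: 0\r\n\r\n")
RELAYED_REPLY = (b"HTTP/1.1 411 Length Required\r\nServer: GFE/1.3\r\n"
                 b"Content-Type: text/html; charset=UTF-8\r\nConnection: close\r\n\r\n")

def build_probe(target="google.com", method="GET"):
    """The request typed into telnet above: an absolute URI that only a forward
    proxy (ProxyRequests On) will relay to `target`."""
    return (f"{method} http://{target}/ HTTP/1.1\r\n"
            f"Host: {target}\r\nConnection: close\r\n\r\n").encode()

def parse_response(raw):
    """Return (status code, lower-cased header dict) from a raw HTTP reply."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def classify(raw, own_servers=("Apache",)):
    """Heuristic (assumed, not from the thread): a Server header from our own stack
    (Apache, or Apache-Coyote = Tomcat behind it) means the request stayed local; a
    refusal means nothing was relayed; anything else means `target` itself answered."""
    status, headers = parse_response(raw)
    server = headers.get("server", "")
    if any(server.startswith(s) for s in own_servers):
        return "closed"
    if status in (400, 403, 404, 405):
        return "closed"
    return "open"

def probe(host, port=80, target="google.com", timeout=5.0):
    """Send the probe to your own server and classify the reply (needs network)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_probe(target))
        chunks = []
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return classify(b"".join(chunks))
```

Call `probe("portal.example.com")` (placeholder host) against your own server; with ProxyRequests Off it should report "closed", and `build_probe(method="POST")` repeats the POST variant.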

Hi,

 

I tested doing the above telnet with ProxyRequests On and then ProxyRequests Off.

 

When ProxyRequests was OFF and I did the post command, I got this:

 

HTTP/1.1 301 Moved Permanently
Date: Fri, 13 Feb 2009 19:03:41 GMT
Server: Apache-Coyote/1.1
Location: /c;jsessionid=A2ABE5ABDFF8A8E5
Content-Type: text/html
Content-Length: 198
Set-Cookie: JSESSIONID=A2ABE5ABDFF8A8E54

<body onload="javascript: location.repla
</html>C1C')">

Connection to host lost.

C:\Documents and Settings\Administrator>

 

I then proceeded to test with ProxyRequests On and I got this:

 

HTTP/1.1 411 Length Required
Date: Fri, 13 Feb 2009 19:07:09 GMT
Server: GFE/1.3
Content-Type: text/html; charset=UTF-8
Content-Length: 1363
Connection: close

<html><head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>411 Length Required</title>
<style><!--
body {font-family: arial,sans-serif}
div.nav {margin-top: 1ex}
div.nav A {font-size: 10pt; font-family: arial,sans-serif}
span.nav {font-size: 10pt; font-family: arial,sans-serif; font-weight: bold}
div.nav A,span.big {font-size: 12pt; color: #0000cc}
div.nav A {font-size: 10pt; color: black}
A.l:link {color: #6f6f6f}
A.u:link {color: green}
//--></style>
<script>
<!--
var rc=411;
//-->
</script>
</head>
<body text=#000000 bgcolor=#ffffff>
<table border=0 cellpadding=2 cellspacing=0 width=100%><tr><td rowspan=3 width=1% nowrap>
<b><font face=times color=#0039b6 size=10>G</font><font face=times color=#c41200 size=10>o</font><font face=times color=#f3c518 size=10>o</font><font face=times color=#0039b6 size=10>g</font><font face=times color=#30a72f size=10>l</font><font face=times color=#c41200 size=10>e</font>  </b>
<td> </td></tr>
<tr><td bgcolor="#3366cc"><font face=arial,sans-serif color="#ffffff"><b>Error</b></td></tr>
<tr><td> </td></tr></table>
<blockquote>
<H1>Length Required</H1>
POST requests require a <code>Content-length</code> header.
<p>
</blockquote>
<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor="#3366cc"><img alt="" width=1 height=4></td></tr></table>
</body></html>

Connection to host lost.

C:\Documents and Settings\Administrator>

I don't really know much about telnet, so does this show that it is secure when ProxyRequests is OFF?

 

Thanks for all your help.

 

Thanks,

 

Mike

 
