httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sl...@apache.org
Subject cvs commit: httpd-docs-1.3/htdocs/manual/misc FAQ-E.html
Date Thu, 25 Jul 2002 20:33:05 GMT
slive       2002/07/25 13:33:04

  Modified:    htdocs/manual/misc FAQ-E.html
  Log:
  Add a FAQ entry for the proxy-scan issue.
  
  Both this entry and the FAQ as a whole are out of
  control size-wise.  Suggestions for improvements
  are welcome.
  
  Revision  Changes    Path
  1.22      +81 -1     httpd-docs-1.3/htdocs/manual/misc/FAQ-E.html
  
  Index: FAQ-E.html
  ===================================================================
  RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/misc/FAQ-E.html,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -u -d -b -u -r1.21 -r1.22
  --- FAQ-E.html	30 Jun 2002 20:11:06 -0000	1.21
  +++ FAQ-E.html	25 Jul 2002 20:33:04 -0000	1.22
  @@ -147,6 +147,9 @@
            <li><a href="#serverheader">How can I change the information
            that Apache returns about itself in the headers?</a></li>
   
  +         <li><a href="#proxyscan">Why do I see requests for other sites
  +         appearing in my log files?</a></li>
  +
           </ol>
         </li>
         <!--#endif -->
  @@ -851,6 +854,83 @@
       are not keen on helping you do something that is intrinsically a bad
       idea.</p>
   
  +    <hr /></li>
  +
  +         <li><a id="proxyscan" name="proxyscan"><strong>Why do I see
requests
  +         for other sites appearing in my log files?</strong></a>
  +
  +         <p>A an access_log entry showing this situation could look
  +         like this:</p> 
  +
  +         <blockquote><code> 63.251.56.142 - -
  +         [25/Jul/2002:12:48:04 -0700] "GET http://www.yahoo.com/
  +         HTTP/1.0" 200 1456 </code></blockquote>
  +
  +         <p>The question is: why did a request for
  +         <code>www.yahoo.com</code> come to your server instead of
  +         Yahoo's server?  And why does the response have a status 
  +         code of 200 (success)?</p>
  +
  +         <p>This is usually the result of malicious clients trying to
  +         exploit open proxy servers to access a website without
  +         revealing their true location.  If you find entries like this
  +         in your log, the first thing to do is to make sure you have
  +         properly configured your server not to proxy for unknown
  +         clients.  If you don't need to provide a proxy server at all,
  +         you should simply assure that the <a
  +         href="../mod/mod_proxy.html#proxyrequests">ProxyRequests</a>
  +         directive is <strong>not</strong> set <code>on</code>.
  +         If you do need to run a proxy server, then you must ensure
  +         that you <a href="../mod/mod_proxy.html#access">secure your
  +         server properly</a> so that only authorized clients can use
  +         it.</p>
  +
  +         <p>If your server is configured properly, then the attempt to
  +         proxy through your server will fail.  If you see a status
  +         code of <code>404</code> (file not found) in the log, then
  +         you know that the request failed.  If you see a status code
  +         of <code>200</code> (success), that does not necessarily mean
  +         that the attempt to proxy succeeded.  RFC2616 section 5.1.2
  +         mandates that Apache must accept requests with absolute URLs
  +         in the request-URI, even for non-proxy requests.  Since
  +         Apache has no way to know all the different names that your
  +         server may be known under, it cannot simply reject hostnames
  +         it does not recognize.  Instead, it will serve requests for
  +         unknown sites locally by stripping off the hostname and using
  +         the default server or virtual host.  Therefore you can
  +         compare the size of the file (1456 in the above example) to
  +         the size of the corresponding file in your default server.
  +         If they are the same, then the proxy attempt failed, since a
  +         document from your server was delivered, not a document from
  +         <code>www.yahoo.com</code>.</p>
  +
  +         <p>If you wish to prevent this type of request entirely, then
  +         you need to let Apache know what hostnames to accept and what
  +         hostnames to reject.  You do this by configuring name-virtual
  +         hosts, where the first listed host is the default host that
  +         will catch and reject unknown hostnames.  For example:</p>
  +
  +<blockquote>
  +<pre>
  +NameVirtualHost *
  +
  +<VirtualHost *>
  +  ServerName default.only
  +  <Location />
  +    Order allow,deny
  +    Deny from all
  +  </Location>
  +</VirtualHost>
  +
  +<VirtualHost *>
  +  ServerName realhost1.example.com
  +  ServerAlias alias1.example.com alias2.example.com
  +  DocumentRoot /path/to/site1
  +</VirtualHost>
  +
  +...
  +</pre>
  +</blockquote>
       <hr /></li>
   
       </ol>
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message