httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Craig <cra...@nsutah.com>
Subject Re: [users@httpd] Help: Getting HUGE number of hits from wrong sites
Date Thu, 29 Aug 2002 12:28:50 GMT
Joshua Slive wrote:> On Wed, 28 Aug 2002, Chris Cioffi wrote:
>>
>>I've been monitoring my access logs for the last several days and have
>>noticed that I get a HUGE number (20k+/day) of page requests for domains
>>that have nothing to do with me.
> 
> But there is really nothing you can do from Apache to stop these things,
> other than make sure you are not running an open proxy.  If it is really
> eating up your bandwidth, then it should be considered a denial-of-service
> attack and you should ask your ISP and the ISP of the malicious client to
> help you get it stopped.

Really?  I was seeing this same situation earlier this year.  I have 
proxying turned on to proxy for some machines inside our net and had 
trouble at first getting it configured right.  Either it would proxy for 
everybody or nobody.  I finally got it figured out so that it would only 
allow proxy requests from internal machines (10.*) and reject all others.

At first, my logs were FULL of fulfilled proxy requests (from external 
addresses), then after I made the change, it was full of 403 (rejected) 
proxy requests.  Now I have a few proxy requests from the outside, but 
not many.

In short, isn't there some sort of "search tool" that finds proxy 
servers then uses that accumulated knowledge--kinda like email 
scavengers and web searches?  I would be fairly certain that they bounce 
these requests off your proxy to provide some sort of "anonymous" service.

Craig.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message