Return-Path: 
 <users-return-27491-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 97349 invoked by uid 500); 16 May 2003 01:14:07 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
list-post: <mailto:users@httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 97336 invoked from network); 16 May 2003 01:14:07 -0000
Received: from smtp-out.comcast.net (24.153.64.116)
  by daedalus.apache.org with SMTP; 16 May 2003 01:14:07 -0000
Received: from icomcast.net (lb-ldap-155.icomcast.net [172.20.3.155])
 by mtaout04.icomcast.net
 (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003))
 with ESMTP id <0HEY000SSGQLHI@mtaout04.icomcast.net> for
 users@httpd.apache.org; Thu, 15 May 2003 21:13:33 -0400 (EDT)
Received: from [172.20.3.10] by msgstore08.icomcast.net (mshttpd); Thu,
 15 May 2003 21:13:33 -0400
Date: Thu, 15 May 2003 21:13:33 -0400
From: Travis Haddock <travis.haddock@comcast.net>
To: users@httpd.apache.org
Message-id: <2c4a9602c4e5ca.2c4e5ca2c4a960@icomcast.net>
MIME-version: 1.0
X-Mailer: iPlanet Messenger Express 5.2 HotFix 1.14 (built Mar 18 2003)
Content-type: multipart/mixed; boundary="Boundary_(ID_ub332d0p5JnB3wPYM2F8qg)"
Content-language: en
X-Accept-Language: en
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
Subject: Re: [users@httpd] Is my server an open proxy?

--Boundary_(ID_ub332d0p5JnB3wPYM2F8qg)
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline

One of our developers was playing with ProxyPass and used 
ProxyRequest=On on one of our dev servers and within a few days the 
hits went from a few dozen per day to a few dozen per second.


--Boundary_(ID_ub332d0p5JnB3wPYM2F8qg)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT

On Thu, 15 May 2003 11:24:27 -0400 Joshua Slive <joshua@slive.ca> wrote:

> On Thu, 15 May 2003, Jacob S. wrote:
> > I've been told these hits mean someone's using my Apache as a proxy,
> > but I don't have mod_proxy installed. Is there another exploit I
> > need to watch out for, or is the fact that each hit is only 397
> > bytes indicating that it's a failed attempt to use my server as a
> > proxy? I've read the Apache documentation about proxys, but I want
> > to make sure there's not something I'm missing.
> 
> See:
> http://httpd.apache.org/docs/misc/FAQ.html#proxyscan
> 
> Joshua.

Ah, thanks. I didn't see that page when I was searching for proxy stuff
in the Apache docs and found the page for mod_proxy.

I checked and sure enough, my default domain's index page is 397 bytes.

Thanks again,
Jacob

----- 
GnuPG Key: 1024D/16377135

In a world without fences, who needs Gates?
http://www.linux.org/


--Boundary_(ID_ub332d0p5JnB3wPYM2F8qg)
Content-Type: text/plain; charset=us-ascii

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
--Boundary_(ID_ub332d0p5JnB3wPYM2F8qg)--