httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Taco Fleur" <tacofl...@nella.net.au>
Subject RE: [users@httpd] Concern about log entry
Date Sat, 23 Aug 2003 21:23:05 GMT
Cheers for that.

I do not have proxy turned on.

Just curious how does one go about probing my box to see if its turned
on? I guess what they are looking for is a box to hide their traces
through, right. I find this a bit annoying and really wish to get back
at these people, as they have no idea what kind of damage they can
cause, some of us are running a business of these boxes... 
How to stop them, if possible?

-----Original Message-----
From: Mike [mailto:mike.lists@levrah.net] 
Sent: Saturday, 23 August 2003 10:21 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Concern about log entry


At 06:54 AM 8/23/2003, you wrote:
>I have some concern about the following log entry in my apache log 
>file.
>Would an entry like the one below only be logged if I actually had a
link 
>on my site (that's what I thought)?
>
>218.90.30.157 - - [23/Aug/2003:19:15:43 +1000] "GET
><http://hpcgi1.nifty.com/trino/ProxyJ/prxjdg.cgi>http://hpcgi1.nifty.co
m/trino/ProxyJ/prxjdg.cgi 
>HTTP/1.1" 404 303
>
>The concern is because I have no such link on my site, I am also not
>hosting the nifty.com site.
>
>Can anyone shed any light on this?
>
>Cheers

Someone is just probing your box to see if it is allowing for proxying.

If you have access to your box, login and grep your conf file for proxy
to 
see if you have proxy turned on. If you do, turn it off unless you mean
for 
it to be on.

If you don't know where your httpd.conf file is, do this:

locate httpd.conf

If that doesn't find it, update your locate database with this (be
patient 
and let it finish):

locate -u

(then do the locate httpd.conf command above)

Then using the location of your httpd.conf file, check to see if (and if
so 
where) proxy might be turned on (or off):

grep proxy /path/to/httpd.conf

(using your /path/to/ the httpd.conf file of course)

If you find that you have proxy turned on, someone else here will have
to 
say how to turn it off. In mine, I don't even have the proxy related 
modules loaded, and I don't have the proxy statement line to turn it on
or 
off. Presumably (and someone tell me if I'm wrong) this means our box is

not fulfilling proxy requests.

Hope the info helps.
-mike

P.S. On a related note, does anyone know if these sorts of probing
attempts 
can be killed (dropped or rejected) using iptables in some way? If so,
I'm 
interested in learning how.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message