httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] open proxies?
Date Wed, 04 Feb 2004 18:07:45 GMT

On Wed, 4 Feb 2004, Bryan Irvine wrote:

> I recently stumbled onto this site:
> http://www.lurhq.com/proxies.html
>
> Which made for an interesting read.  After I was done I figured I'd do
> some checking for open proxies.  As the article suggests I telnetted to
> port 80 on my webservers and issued "GET http://www.yahoo.com/ HTTP/1.0"
> hit enter twice, and lo and behold I saw yahoo's page come up.  I tried
> this on all of my servers and every single one came up and being an open
> proxy.

The only way this can happen is if you have "ProxyRequests On" without
securing your proxy.  See:
http://httpd.apache.org/docs/misc/FAQ.html#proxyscan
http://httpd.apache.org/docs-2.0/mod/mod_proxy.html#access

> Is this site spreading hocus pocus or is every site in the known
> universe an open proxy?

Where did you get that idea?  The fact that YOUR machine is an open proxy,
and therefore gives access to any other machine, does not say anything
about the security of those other machines.

Certainly there are a substantial number of open proxies out there.  But
most well-maintained servers are not open.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message