Return-Path: 
 <users-return-37685-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 56733 invoked from network); 4 Feb 2004 18:07:45 -0000
Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12)
  by minotaur-2.apache.org with SMTP; 4 Feb 2004 18:07:45 -0000
Received: (qmail 40573 invoked by uid 500); 4 Feb 2004 18:06:58 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 40530 invoked by uid 500); 4 Feb 2004 18:06:57 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
list-post: <mailto:users@httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 40442 invoked from network); 4 Feb 2004 18:06:56 -0000
Received: from unknown (HELO out1.smtp.messagingengine.com) (66.111.4.25)
  by daedalus.apache.org with SMTP; 4 Feb 2004 18:06:56 -0000
X-Sasl-enc: pQaGfzb4psCgf2/T9S9oMg 1075918017
Received: from usager55-41.hec.ca (usager55-41.hec.ca [132.211.55.41])
	by mail.messagingengine.com (Postfix) with ESMTP id 7CDE54D23D4
	for <users@httpd.apache.org>; Wed,  4 Feb 2004 13:06:56 -0500 (EST)
Date: Wed, 4 Feb 2004 13:07:45 -0500 (Est)
From: Joshua Slive <joshua@slive.ca>
To: users@httpd.apache.org
In-Reply-To: <1075917575.2509.12.camel@elvis.horvitznewspapers.net>
Message-ID: <Pine.WNT.4.58.0402041304270.296@Poste3947.hec.ca>
References: <1075917575.2509.12.camel@elvis.horvitznewspapers.net>
X-X-Sender: slive@fastmail.fm@mail.messagingengine.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
Subject: Re: [users@httpd] open proxies?
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N


On Wed, 4 Feb 2004, Bryan Irvine wrote:

> I recently stumbled onto this site:
> http://www.lurhq.com/proxies.html
>
> Which made for an interesting read.  After I was done I figured I'd do
> some checking for open proxies.  As the article suggests I telnetted to
> port 80 on my webservers and issued "GET http://www.yahoo.com/ HTTP/1.0"
> hit enter twice, and lo and behold I saw yahoo's page come up.  I tried
> this on all of my servers and every single one came up and being an open
> proxy.

The only way this can happen is if you have "ProxyRequests On" without
securing your proxy.  See:
http://httpd.apache.org/docs/misc/FAQ.html#proxyscan
http://httpd.apache.org/docs-2.0/mod/mod_proxy.html#access

> Is this site spreading hocus pocus or is every site in the known
> universe an open proxy?

Where did you get that idea?  The fact that YOUR machine is an open proxy,
and therefore gives access to any other machine, does not say anything
about the security of those other machines.

Certainly there are a substantial number of open proxies out there.  But
most well-maintained servers are not open.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org