httpd-users mailing list archives

From Jens <>
Subject [users@httpd] mod_proxy_connect security questions
Date Wed, 12 Nov 2008 23:46:25 GMT

I set up mod_proxy, mod_proxy_http and mod_proxy_connect on my Debian 
box (Apache 2.2.3).

After a couple of hours, I got the first spammer trying to abuse it - 
the access log showed

... CONNECT ...:25 HTTP/1.0 ...

though nothing in the error logs.

iftop tells me, however, that no traffic actually leaves the machine on 
that port, which is what I would expect given that I have turned off 
proxying globally

<IfModule mod_proxy.c>

         ProxyRequests Off
         ProxyVia Off

         <Proxy *>
                 AddDefaultCharset off

                 Order deny,allow
                 Deny from all

                 ProxyFtpDirCharset UTF-8
         </Proxy>

         AllowCONNECT 22
</IfModule>

and allow only CONNECTs to port 22.

I also have a virtual host

<VirtualHost *>
         ServerName ...

         ProxyRequests On

         <Proxy *>
                 Order deny,allow
                 Allow from ...
         </Proxy>

         AllowCONNECT 22
</VirtualHost>

which turns it on, but 1. that would be hard to guess and 2. it still 
should only connect to port 22.

Indeed, my own tries to use the non-virtual host proxy fail and the 
virtual host ones succeed. So far so good, but now my questions:

1. If the spammer fails to send mail, why does he keep trying? What did 
actually change from his perspective compared to not loading 
mod_proxy_connect at all?
2. Can I somehow get the Apache logs to tell me whether the spamming 
succeeds or not? LogLevel debug does not echo a thing more.

I think Apache is configured correctly, but it's somewhat disturbing to 
see CONNECT sth:25 in the access log while nothing in the error log.

Thank you for your information,
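
An added example, not part of the original message and not Apache project code: one way to check from the access log whether CONNECT attempts were tunnelled, by reading the status field of each line and comparing the target port with the AllowCONNECT list. It assumes the common/combined log format and that a 2xx status on a CONNECT line means the tunnel was opened; the function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Common/combined log format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: \S+)?" (?P<status>\d{3}) '
)
ALLOWED_PORTS = {22}  # mirrors "AllowCONNECT 22" from the post

def classify(line):
    """Return (client, host, port, status, verdict) for a CONNECT line, else None."""
    m = LINE_RE.match(line)
    if not m or m.group("method") != "CONNECT":
        return None
    client, status = m.group("client"), int(m.group("status"))
    host, sep, port = m.group("target").rpartition(":")
    if not sep or not port.isdigit():
        return (client, m.group("target"), None, status, "malformed-target")
    port = int(port)
    if not 200 <= status < 300:
        verdict = "refused"  # assumption: a non-2xx status means no tunnel was opened
    elif port in ALLOWED_PORTS:
        verdict = "tunnel-allowed"
    else:
        verdict = "ALERT-unexpected-port"
    return (client, host, port, status, verdict)

def summarize(lines):
    """Count CONNECT attempts per (port, verdict)."""
    counts = Counter()
    for line in lines:
        result = classify(line)
        if result:
            counts[(result[2], result[4])] += 1
    return counts

# Constructed sample lines (documentation addresses), not taken from the post.
SAMPLE = [
    '198.51.100.7 - - [12/Nov/2008:22:10:01 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 405 312',
    '198.51.100.7 - - [12/Nov/2008:22:10:05 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 403 298',
    '192.0.2.10 - - [12/Nov/2008:22:15:40 +0000] "CONNECT shell.example.org:22 HTTP/1.1" 200 -',
    '192.0.2.10 - - [12/Nov/2008:22:16:02 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.9 - - [12/Nov/2008:22:20:11 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 200 -',
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items(), key=str):
        print(key, n)
```
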


The official User-To-User support forum of the Apache HTTP Server Project.