httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jens <jens-theisen-tm...@gmx.de>
Subject [users@httpd] mod_proxy_connect security questions
Date Wed, 12 Nov 2008 23:46:25 GMT
Hello,

I set up mod_proxy, mod_proxy_http and mod_proxy_connect on my debian 
box (apache 2.2.3).

After a couple of hours, I got the first spammer trying to abuse it - 
the access log showed

... CONNECT ...:25 HTTP/1.0 ...

though nothing in the error logs.

iftop tells me, however, that no traffic actually leaves the machine on 
that port, which is what I would expect given that I have turned off 
proxying globally

<IfModule mod_proxy.c>

         ProxyRequests Off
         ProxyVia Off

         <Proxy *>
                 AddDefaultCharset off

                 Order deny,allow
                 Deny from all

                 ProxyFtpDirCharset UTF-8
         </Proxy>

         AllowCONNECT 22

</IfModule>

and allow only CONNECTs to port 22.

I also have a virtual host

<VirtualHost *>
         ServerName ...

         ProxyRequests On

         <Proxy *>
                 Order deny,allow
                 Allow from ...
         </Proxy>

         AllowCONNECT 22

</VirtualHost>

which turns it on, but 1. that would be hard to guess and 2. it still 
should only connect to port 22.

Indeed my own tries to use the non-virtual host proxy fail and the 
virtual hosts ones succeed. So far so good, but now my questions:

1. If the spammer fails to send mail, why does he keep trying? What did 
actually change from his perspective compared to not loading 
mod_proxy_connect at all?
2. Can I somehow get the apache logs to tell me whether the spamming 
succeeds or not? LogLevel debug does not echo a thing more.

I think apache is configured correctly but it's somewhat disturbing to 
see CONNECT sth:25 in the access log while nothing in the error log.

Thank you for your information,

Jens


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message