httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Evans <tevans...@googlemail.com>
Subject Re: [users@httpd] Preventing an open proxy with both a single SSL virtual host and a non-SSL virtual host
Date Tue, 18 Feb 2014 15:35:41 GMT
On Tue, Feb 18, 2014 at 3:00 PM, Richard Mixon <rnmixon@custco.biz> wrote:
> Jonas/Yehuda,
>
> The example I chose was a bad one, just rushing to get the mail out I guess. The vast
majority of the requests have a return of 200, with a few 503.
>

Yes, your configuration is not right - you are configuring a reverse
proxy, but then you enable forward proxy. This is *not right*, you
have configured an open forward proxy.

Make 100% sure that you have "ProxyRequests off" when you are
configuring a reverse proxy; this forces all forward proxy behaviour
off.

In your "catch all" vhost, you will see any request made to your
server for a hostname not configured on your server - free traffic!
The common thing to do is to redirect people from your catch all host
to an interesting vhost

So:

ProxyRequests off # We are not a forward proxy

<VirtualHost *:80>
   # the catch all vhost
   Redirect permanent / http://some-where-interesting.com/
</VirtualHost>

Cheers

Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message