From: Richard Mixon
Date: Tue, 18 Feb 2014 08:00:58 -0700
To: users@httpd.apache.org, jonas@truls.org
Subject: Re: [users@httpd] Preventing an open proxy with both a single SSL virtual host and a non-SSL virtual host

Jonas/Yehuda,

The example I chose was a bad one, just rushing to get the mail out I guess. The vast majority of the requests have a return of 200, with a few 503.

I hope this reply goes through - I've waited a few days. Earlier replies to the list keep getting rejected due to SPAM scores - I kept removing content, thinking the HTTP access logs were the culprit - but that did not work. I'm also sending it from an additional address I've subscribed.

Richard Mixon
Custom Computer Creations, LLC
RNMixon@CustCo.biz
mobile: 480-577-6834

On Feb 18, 2014, at 1:19 AM, Jonas Eckerman wrote:

> Just commenting on your logged request, not your config...
>
> What was it that made you think you had an open proxy?
> Was it only requests like the one below?
> Were they all answered with status 403?
>
> Richard Mixon wrote:
>
>> After that we started getting flooded with requests such as the following:
>
>> 64.120.77.151 - - [13/Feb/2014:00:03:05 -0700] "GET http://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600&section=4660128&pub_url=${PUB_URL} HTTP/1.0" 403 283 "http://creditsxchange.com/index.php/hotdeal/5536-the-times-of-india" "Mozilla/5.0 (Windows NT 7.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30"
>
> You should expect requests like that on any http server open to the internet on port 80, just as you should expect scripted exploit probes.
>
> Since your server answered 403 (forbidden) the request logged above is not a problem and does not indicate an open proxy.
>
> Regards
> /jonas
> --
> Monypholite gemgas.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
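
The triage discussed in this thread, as an added example that is not part of the original messages: it picks proxy-style requests (absolute-URI `GET` or `CONNECT` naming a foreign host) out of an Apache combined log and separates those the server refused with a 4xx from those it did not. `LOCAL_HOSTS` and the sample log lines are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache combined log: client ident user [time] "request" status bytes ...
LINE_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) ')
ABSOLUTE_RE = re.compile(r'^[A-Za-z][A-Za-z0-9+.-]*://')
LOCAL_HOSTS = {"www.example.com", "example.com"}  # assumption: sites served here

# Constructed sample lines (documentation addresses, example hosts).
SAMPLE_LOG = """\
192.0.2.10 - - [13/Feb/2014:00:03:05 -0700] "GET http://ads.example.net/st?ad_type=iframe HTTP/1.0" 403 283 "-" "Mozilla/5.0"
192.0.2.11 - - [13/Feb/2014:00:03:06 -0700] "GET http://ads.example.net/st?ad_type=iframe HTTP/1.0" 200 5120 "-" "Mozilla/5.0"
192.0.2.12 - - [13/Feb/2014:00:03:07 -0700] "CONNECT mail.example.org:25 HTTP/1.0" 405 312 "-" "-"
192.0.2.13 - - [13/Feb/2014:00:03:08 -0700] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
192.0.2.14 - - [13/Feb/2014:00:03:09 -0700] "GET http://www.example.com/ HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
192.0.2.15 - - [13/Feb/2014:00:03:10 -0700] "GET http://ads.example.net/x HTTP/1.0" 503 299 "-" "Mozilla/5.0"
"""

def classify(line, local_hosts=LOCAL_HOSTS):
    """Return (client, target_host, status, verdict) for a proxy-style request, else None."""
    m = LINE_RE.match(line)
    parts = m.group("request").split() if m else []
    if len(parts) < 2:
        return None
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":            # authority-form: host:port
        host = target.rsplit(":", 1)[0]
    elif ABSOLUTE_RE.match(target):    # absolute-form: scheme://host/path
        host = urlsplit(target).hostname or ""
    else:
        return None                    # origin-form, an ordinary request
    if host.lower() in local_hosts:
        return None                    # absolute URI that names our own site
    status = int(m.group("status"))
    # 4xx means the server refused; anything else was not refused and needs a look.
    verdict = "refused" if 400 <= status < 500 else "review"
    return m.group("client"), host.lower(), status, verdict

def triage(log_text):
    """Count verdicts and list the proxy-style requests that were not refused."""
    hits = [h for h in map(classify, log_text.splitlines()) if h]
    counts = Counter(h[3] for h in hits)
    return counts, [h[:3] for h in hits if h[3] == "review"]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A "review" verdict is a lead rather than proof of relaying: Apache can answer an absolute-URI request for a foreign host with its own local content, so compare the logged response size with that of the local page before drawing a conclusion.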