httpd-users mailing list archives

From robert <rob...@redcor.ch>
Subject [users@httpd] preventing acting as open relay
Date Fri, 22 May 2015 14:48:19 GMT
Hi there,

I am trying to harden a virtual host against acting as a proxy relay.
However, running the command:

curl --proxy http://slovensko.ch:80 http://yahoo.com

does return the Yahoo site, so I assume that I failed.

Can anybody please point me to any mistake in the following configuration?

The site itself is generated using the zope/plone framework.

Thanks
robert

#
# slovensko
# -------------------
#_robert_
<VirtualHost *:80>
     DocumentRoot /var/www

     ServerAdmin robert@redcor.net
     ServerName  www.slovensko.ch
     ServerAlias slovensko.ch
     CustomLog     /var/log/apache2/slovensko-access.log combined
     ErrorLog      /var/log/apache2/slovensko-error.log
     LogLevel warn

     ServerSignature On

     Header set X-Frame-Options "SAMEORIGIN"
     Header set Strict-Transport-Security "max-age=15768000; includeSubDomains"
     Header set X-XSS-Protection "1; mode=block"
     Header set X-Content-Type-Options "nosniff"
     Header set Content-Security-Policy-Report-Only "default-src 'self'; img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval'"

     ProxyVia On

     # prevent your web server from being used as global HTTP proxy
     <LocationMatch "^[^/]">
       Deny from all
     </LocationMatch>

     <Proxy *>
         Order deny,allow
         Allow from all
     </Proxy>

     RewriteEngine On
     RewriteRule "^proxy:[a-z]*://[^/]*:25(/|$)" "-" [F,NC,L]

     # Normalize URLs by removing trailing /'s
     RewriteRule /(.*)/$ http://127.0.0.1:9680/VirtualHostBase/http/www.slovensko.ch:80/slovensko/slovensko/VirtualHostRoot/$1 [L,P]
     RewriteRule ^/(.*) http://127.0.0.1:9680/VirtualHostBase/http/www.slovensko.ch:80/slovensko/slovensko/VirtualHostRoot/$1 [L,P]

</VirtualHost>
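
Added example, not part of robert's message and not the httpd project's own configuration: the permissive proxy settings next to a reverse-proxy-only form, using the backend address from the RewriteRule targets in the post. It assumes forward proxying (ProxyRequests On) is enabled somewhere outside the posted vhost, which the post does not show, and it keeps the post's Order/Allow/Deny syntax with the httpd 2.4 equivalents in comments.

```apache
# Weak (shown commented out): forward proxying enabled somewhere that
# applies to this vhost (assumption, not shown in the post), combined
# with the posted <Proxy *> block, which lets any client request any
# proxied URL.
#
#   ProxyRequests On
#   <Proxy *>
#       Order deny,allow
#       Allow from all
#   </Proxy>

# Hardened: reverse proxy to the local backend only.
<VirtualHost *:80>
    ServerName  www.slovensko.ch
    ServerAlias slovensko.ch

    # No forward proxy: absolute-URI requests for other hosts are not relayed.
    # RewriteRule ... [P] reverse-proxy rules do not need this to be On.
    ProxyRequests Off

    # Default: no proxied URL may be fetched on behalf of any client.
    <Proxy *>
        Order deny,allow
        Deny from all
        # httpd 2.4 without mod_access_compat: Require all denied
    </Proxy>

    # Exception for the Zope/Plone backend used by the [P] rules in the post.
    # <Proxy> sections are applied in configuration order, so the more
    # specific section comes after the catch-all one.
    <Proxy http://127.0.0.1:9680/*>
        Order deny,allow
        Allow from all
        # httpd 2.4 without mod_access_compat: Require all granted
    </Proxy>
</VirtualHost>
```

After a reload, the curl --proxy command from the post should no longer return Yahoo's page; the access log entry for that request shows what the server answered instead.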



