Pseudo-anon apache proxy/relay bug?

Huba Leidenfrost huba at uidaho.edu
Wed Jan 23 19:44:25 GMT 2002


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Even though we don't have proxying enabled, it appears that on one of
our apache web servers seems to have a proxy "feature" enabled that
shouldn't be.  I can point to it as my proxy and it will gladly fetch
anything I want.  My IP still shows up as the requester but the end
site I wish to surf sees the webserver as the requesting IP and not
mine.  Somewhat of a poor-mans pseudo-anon proxy.  I've searched for
a bug saying this is fixed in a newer version of apache but can't
find any mention of it.

Has anyone else noticed this problem?  It showed on the radar because
our access_log on one of our webservers grew tremendously and we
noticed the volume was all requests for porn sites being made from
IPs outside of our /16.

     H  u  b  a
- - - - --
   ---   O      HUBA LEIDENFROST         Systems Security Analyst
   --   <^-     huba at uidaho.edu   Information Technology Services
  --  -\/\                  http://2170928926/~huba 
  ---     \     TEL: 208.885.2126               FAX: 208.885.7539
 

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPE8SmUpG2S0cMeJwEQI+iwCgwmxCv/jbsd486y71Mgomeu4/XGgAniI4
R9gs46JJOtpYPSOpNvp/q6ck
=eJvo
-----END PGP SIGNATURE-----



More information about the unisog mailing list