[unisog] Pseudo-anon apache proxy/relay bug?

Huba Leidenfrost huba at uidaho.edu
Wed Jan 23 20:46:14 GMT 2002


 

Turns out it's a lack of apache config smarts amongst our web folks. 
A simple control block like so fixes this:

<Directory proxy:*>
# Allow/Deny take IP prefixes, CIDR blocks or hostnames, not regexes
Order Deny,Allow
Deny from all
# 129.101.0.0/16
Allow from 129.101
</Directory>

Thanks Susan!

On to the next task--figuring out why the Nessus plugins auto-update
script is broken.

-Huba

-----Original Message-----
From: salderma at mabel.cis.brown.edu
[mailto:salderma at mabel.cis.brown.edu]
Sent: Wednesday, January 23, 2002 12:03 PM
To: Huba Leidenfrost
Subject: Re: [unisog] Pseudo-anon apache proxy/relay bug?



I think it's a straight configuration option in Apache.  Check out
mod_proxy.  It's one of Apache's core modules - meaning that it's in
the standard Apache download and does not have to be added and
compiled in.

Documentation on this module is available here:

http://httpd.apache.org/docs/mod/mod_proxy.html

Check out the ProxyRequests directive.  I believe that's the one you
need to look for.

Best of luck,
Susan


On Wed, 23 Jan 2002, Huba Leidenfrost wrote:

>
>
> Even though we don't have proxying enabled, it appears that one
> of our Apache web servers has a proxy "feature" enabled
> that shouldn't be.  I can point to it as my proxy and it will
> gladly fetch anything I want.  My IP still shows up as the
> requester but the end site I wish to surf sees the webserver as the
> requesting IP and not mine.  Somewhat of a poor man's pseudo-anon
> proxy.  I've searched for a bug saying this is fixed in a newer
> version of Apache but can't find any mention of it.
>
> Has anyone else noticed this problem?  It showed on the radar
> because our access_log on one of our webservers grew tremendously
> and we noticed the volume was all requests for porn sites being
> made from IPs outside of our /16.
>
>      H  u  b  a
> - - - - --
>    ---   O      HUBA LEIDENFROST         Systems Security Analyst
>    --   <^-     huba at uidaho.edu   Information Technology Services
>   --  -\/\                  http://2170928926/~huba
>   ---     \     TEL: 208.885.2126               FAX: 208.885.7539
>

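Added example (not part of the original messages and not code from either poster): a log check for the symptom described in the thread, proxy-style requests in access_log from clients outside 129.101.0.0/16. It assumes Common Log Format with client IP addresses logged; the function names and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Campus network as given in the thread (129.101.0.0/16).
LOCAL_NET = ipaddress.ip_network("129.101.0.0/16")

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) (\S+)')

# Constructed sample lines, not taken from any real log.
SAMPLE_LOG = """\
129.101.5.20 - - [23/Jan/2002:10:00:01 -0800] "GET /index.html HTTP/1.0" 200 1043
192.0.2.77 - - [23/Jan/2002:10:00:02 -0800] "GET http://www.example.com/a.jpg HTTP/1.0" 200 50211
192.0.2.77 - - [23/Jan/2002:10:00:03 -0800] "GET http://www.example.net/ HTTP/1.0" 200 9120
198.51.100.9 - - [23/Jan/2002:10:00:04 -0800] "CONNECT mail.example.org:25 HTTP/1.0" 403 210
129.101.9.3 - - [23/Jan/2002:10:00:05 -0800] "GET http://www.example.com/ HTTP/1.0" 200 800
203.0.113.4 - - [23/Jan/2002:10:00:06 -0800] "GET /about.html HTTP/1.0" 200 512
garbage line
"""

def is_proxy_request(request):
    """True for forward-proxy request lines: absolute-URI target or CONNECT."""
    parts = request.split()
    if len(parts) < 2:
        return False
    method, target = parts[0].upper(), parts[1]
    return method == "CONNECT" or re.match(r"[A-Za-z][A-Za-z0-9+.-]*://", target) is not None

def find_proxy_candidates(lines, local_net=LOCAL_NET):
    """Count proxy-style requests from outside clients that were not refused (status < 400)."""
    hits = Counter()
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines
        host, request, status = m.group(1), m.group(2), int(m.group(3))
        try:
            outside = ipaddress.ip_address(host) not in local_net
        except ValueError:
            continue  # a hostname was logged instead of an IP; resolve it separately
        if outside and is_proxy_request(request) and status < 400:
            hits[host] += 1
    return hits

if __name__ == "__main__":
    for host, n in find_proxy_candidates(SAMPLE_LOG.splitlines()).most_common():
        print(f"{host}: {n} proxy-style request(s) not refused")
```

A hit is a lead rather than proof of relaying: a server with proxying off can still answer an absolute-URI request with its own local page, so compare the logged response size against the local document before concluding the request was fetched from the remote site.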


