"CONNECT 1.3.3.7:1337 HTTP/1.1" 405 317
"GET /proxy HTTP/1.0" 404 273
"GET http://www.yahoo.com/ HTTP/1.1" 200 1210
"OPTIONS * HTTP/1.0" 200 - "-" "-"
"GET /sumthin HTTP/1.0" 404 275 "-" "-"
From the 3rd line I clearly see someone used my web server as a proxy or redirect to access www.yahoo.com, and my web server actually permits it. I really want to disallow this kind of behavior, and I wonder how I can do it. I checked my httpd.conf and I can see all of the directives in the <IfModule mod_proxy.c> tag are already commented out and not in effect.
Is there any other place I should check?
[edited by: jdMorgan at 2:21 am (utc) on Nov. 24, 2003]
"GET http://www.yahoo.com/ HTTP/1.1" 200 1210
You see this ALL the time on busy sites. It's nothing to worry about, just a quirk in DNS somewhere down the line (or maybe a browser bug) that has caused a browser to end up at your IP address following a lookup for yahoo.com. In your case, I would guess that you are not using virtual hosting, and have therefore served your own default index page for that request. Is your own index page normally 1210 bytes?
# Restrict HTTP methods
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|OPTIONS|POST)$
RewriteRule .* - [F]
# Block proxy requests
RewriteCond %{THE_REQUEST} ^(GET|HEAD|POST)\ /?http:// [NC]
RewriteCond %{THE_REQUEST} !^(GET|HEAD|POST)\ /?http://(www\.)?yourdomain\.com/
RewriteCond %{THE_REQUEST} !^(GET|HEAD|POST)\ /?http://192\.168\.0\.37/
RewriteRule .* - [F]
The others were all either rejected or handled harmlessly by your server.
Jim
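Added example (not code from any poster in this thread): a small Python script that sorts access_log entries like those quoted in the first post into ordinary requests and proxy-style requests (CONNECT, or an absolute URI naming a host other than your own), and reports whether the server refused or answered each one. The names `classify`, `probes` and `OWN_HOSTS` are assumptions of this example, and the host list reuses the placeholders from the rules above.

```python
import re
from urllib.parse import urlsplit

# Request, status and byte-count fragments exactly as quoted in the first post.
SAMPLE = """\
"CONNECT 1.3.3.7:1337 HTTP/1.1" 405 317
"GET /proxy HTTP/1.0" 404 273
"GET http://www.yahoo.com/ HTTP/1.1" 200 1210
"OPTIONS * HTTP/1.0" 200 - "-" "-"
"GET /sumthin HTTP/1.0" 404 275 "-" "-"
"""

# Hosts this server answers for: the placeholders used in the rules above.
OWN_HOSTS = {"yourdomain.com", "www.yourdomain.com", "192.168.0.37"}

ENTRY = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def classify(line, own_hosts=OWN_HOSTS):
    """Return (kind, outcome) for one log fragment, or None if it does not parse."""
    m = ENTRY.search(line)
    if m is None:
        return None
    method, target, status = m["method"], m["target"], int(m["status"])
    if method == "CONNECT":
        foreign = True                       # tunnel request: target is host:port
    elif "://" in target:
        host = (urlsplit(target).hostname or "").lower()
        foreign = host not in own_hosts      # absolute URI naming another site
    else:
        foreign = False                      # ordinary origin-form request
    if not foreign:
        return ("normal", "n/a")
    # 4xx/5xx means the server refused; anything else was answered with content
    return ("proxy-probe", "refused" if status >= 400 else "answered")

def probes(text, own_hosts=OWN_HOSTS):
    """List (line, outcome) for every proxy-style request found in text."""
    found = []
    for line in text.splitlines():
        result = classify(line, own_hosts)
        if result and result[0] == "proxy-probe":
            found.append((line, result[1]))
    return found

if __name__ == "__main__":
    for line, outcome in probes(SAMPLE):
        print(f"{outcome:9} {line}")
```

An "answered" entry is the one to look at more closely: compare its byte count with the size of the server's own default page, as the reply above suggests.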
Thanks for the reply.
To answer Morison's suggestion, I'm only guessing the request is using my Apache as a proxy, judging from the search returned by Google. My Apache is not configured as a virtual host, but your other guess is right. The index page on my server is 1218 bytes (close to 1210). Since I'm a newbie, can you tell me
1. how to produce the same log
"GET http://www.yahoo.com/ HTTP/1.1" 200 1210
in my access_log? i.e., what do I type in my browser URL to get such a log?
2. Can you interpret more on the "quirk in DNS"?
Regarding Morgan's response, I'm afraid to dive into the mod_rewrite world because I heard it's very powerful. I would like to keep things as simple as necessary. Besides, I'm not sure if the IP can be resolved, because the server is behind a Sidewinder through NAT. If it means it will need modification by the network guys, then I would be out of luck (because that means a lot of paperwork for authorization).