preventing abuse

tunneling thru apache

         

eusebio

11:43 pm on Dec 2, 2004 (gmt 0)

10+ Year Member



Hi
I found this line in my apache 2.0.49 log, and I can
neither reproduce it nor understand how it was
possible.
I don't have the mod_proxy.c installed or run my server as proxy.
Can someone shed light on what exactly happened here, what risks are involved and how to prevent this?

67.234.73.158 - - [01/Dec/2004:15:47:33 +0100] "POST [67.234.73.158:25...] HTTP/1.1" 200 2480 "-" "-"

I don't allow any port forwarding or tunneling that I'm aware of.

Thanks in advance

jdMorgan

12:08 am on Dec 3, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



eusebio,

Welcome to WebmasterWorld!

> I don't have the mod_proxy.c installed or run my server as proxy.

Are you sure? From the 200-OK server response code, it looks like that attempt to use your server as a proxy was successful to me...

I use mod_rewrite to put a stop to this, while still allowing use of absolute URIs:


Options +FollowSymLinks
RewriteEngine on
# BLOCK attempts to use our server as a proxy, but allow absolute URIs
RewriteCond %{THE_REQUEST} ^(GET|HEAD|POST)\ /?http:// [NC]
RewriteCond %{THE_REQUEST} !^(GET|HEAD|POST)\ /?http://(www\.)?(test\.)?mydomain\.com/
RewriteRule .* - [F]

You may or may not need one or both of the first two lines, depending on your present server configuration.

Note to all: We do not normally "write code on request" in this forum, as we prefer to help people write their own code. But occasional exceptions are allowed for pressing security problems. More information on forum policies and references to mod_rewrite and related documents are available in our forum charter [webmasterworld.com].

Jim

eusebio

7:19 am on Dec 3, 2004 (gmt 0)

10+ Year Member


Thanks,
but how do I verify? I don't know how to reproduce it, and BTW, I don't run apache as a proxy, I tried to use it
as a proxy without a successful result.

Now I have also added
<IfModule mod_proxy.c>
ProxyRequests Off
</IfModule>
which really shouldn't matter as I don't load the mod_proxy.c module anyway.

Thanks for your time

jdMorgan

1:50 pm on Dec 3, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



A simple way to verify the code is to type "http://www.yourdomain.com/http://www.webmasterworld.com/" into your browser address bar, then try to load the page. You should get a 403-Forbidden response.

Then try: "http://www.yourdomain.com/http://www.yourdomain.com/", and this should load your home page if your server is set up properly.

Jim
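
For reviewing an access log for the kind of request discussed in this thread, the following is an added example and not code from any of the posters. It flags log lines whose request target is an absolute URI or a CONNECT authority naming a host other than your own, and goes slightly beyond the rewrite rule above by also covering https:// and CONNECT. The host names in OWN_HOSTS and all sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: host names this server legitimately answers for.
OWN_HOSTS = {"mydomain.com", "www.mydomain.com", "test.mydomain.com"}

# Leading fields of the Apache common/combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return a finding for a proxy-style request to a foreign host, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    method, target = m["method"], m["target"]
    if method == "CONNECT":
        # authority-form target (host:port) only makes sense to a proxy
        host = target.rsplit(":", 1)[0]
    elif re.match(r"(?i)/?https?://", target):
        try:
            host = urlsplit(target.lstrip("/")).hostname or ""
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            host = ""
    else:
        return None  # ordinary origin-form request such as "GET /index.html"
    host = host.lower()
    if host in OWN_HOSTS:
        return None  # an absolute URI naming our own site is legitimate
    status = int(m["status"])
    # A 2xx/3xx status means the server answered rather than refused: review first.
    return {"ip": m["ip"], "time": m["time"], "method": method,
            "host": host, "status": status, "refused": status >= 400}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE = [
    '198.51.100.7 - - [01/Dec/2004:15:47:33 +0100] "POST http://192.0.2.10:25/ HTTP/1.1" 200 2480 "-" "-"',
    '198.51.100.7 - - [01/Dec/2004:15:48:02 +0100] "CONNECT 192.0.2.10:25 HTTP/1.0" 405 312 "-" "-"',
    '203.0.113.5 - - [01/Dec/2004:15:49:10 +0100] "GET http://www.mydomain.com/index.html HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.5 - - [01/Dec/2004:15:49:12 +0100] "GET /images/logo.gif HTTP/1.1" 200 1024 "-" "-"',
    '198.51.100.9 - - [01/Dec/2004:15:50:00 +0100] "GET /http://www.example.org/ HTTP/1.1" 403 210 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Findings with "refused" set to False are the ones to examine first, since the server returned content instead of an error for a foreign host.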