: Apache2 Unwantingly Allowing Proxy Requests I'm not sure if this is the right location, but this is fairly urgent. I have completely removed all traces of mod_proxy and the other mod_proxy
I'm not sure if this is the right location, but this is fairly urgent. I have completely removed all traces of mod_proxy and the other mod_proxy mods, although the Apache server continues to allow proxy requests. I have restarted numerous times, and have shut down until I can find an answer. I've noticed lots of requests from IPs in and around China to external sites such as free movie downloads and such. I'd like to prevent this from happening. I'll be grateful for any help I get.
More posts by @Lengel546
1 Comments
Sorted by latest first Latest Oldest Best
(from our emails, just to answer the question for future users)
Looking at your last line (access log) it seems that people are exploiting a remote-file-inclusion hole, rather than proxying via Apache directly. But you can be sure of this by forcing all possible proxy capabilities to be disabled.
You can try yourself to use your server as a proxy to access other sites and make sure that you get either a failure, or local content from your site. Among the ways to do this:
Configure your browser to use your web server as its default proxy server and then try to request foreign sites. You should get only your own website content back in reply.
Manually construct requests using telnet:
telnet yoursite.example.com 80
GET www.google.com/ HTTP/1.1
Host: google.com
Then press enter twice. If your server is properly configured, you should receive content from your own site and not Google. Source: apache.org
Failing that, still try this in the main config:
ProxyRequests On
ProxyVia On
<Proxy *>
Order deny,allow
Deny from all
Allow from none
AllowOverride none
</Proxy>
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.