On Jul 28, 2009, at 7:06 AM, Mark Phillips wrote:
> Ric,
>
> Thanks for all your help. One last question. I have read almost all
> of the help pages on the plone site about setting up zope behind
> apache, and one of them recommended this addition to the apache
> config:
>
> # prevent the webserver from being used as proxy
> <LocationMatch "^[^/]">
> Deny from all
> </LocationMatch>
>
> Is it necessary?

No.

> Also, (ok, two questions...;-) ) how can I test if my server is
> acting as an open proxy from the command line - my server does not
> have X running? I googled that, and found one reference that suggested
>
> telnet xxx.xxx.xxx.xxx 80
> GET http://www.yahoo.com HTTP/1.1
>
> If yahoo is returned, then it is acting as an open proxy. Are there
> other ways?
>
> Thanks!
>
> Mark

The test above will only reveal an "HTTP" proxy on port 80, but will
not reveal a non-HTTP proxy or a proxy on another port. Note that a
forward proxy is only an "open proxy" if it's accessible to the
general anonymous public. There are legitimate uses for forward
proxies in more controlled deployments.
Yes, there are other ways to test for open proxies. For a more
comprehensive test, you could run something like proxycheck
(http://www.corpit.ru/mjt/proxycheck.html) on a list of ports
collected from a port scan. I believe there are also some web based
services out there somewhere.
In the Apache case, you just need to ensure you have ProxyRequests set
to "off" (which is the default) and you're fine. Unless you truly
need to run a forward proxy, in which case, you should very carefully
read the Apache docs on how to set this up safely.
Some misc. info on securing open proxies:
http://www.spamlinks.net/prevent-secure-proxy-fix.htm
Ric
_______________________________________________
Product-Developers mailing list
http://lists.plone.org/mailman/listinfo/product-developers
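
The ProxyRequests check described in the reply above can also be run against the config text itself, without X. The following is an added example, not code from the thread or from Apache: the function names and the sample config are constructed, and it assumes a single config file with no Include directives or line continuations.

```python
import re

# Constructed sample config for the demo; not taken from the thread.
SAMPLE_CONF = """\
ProxyPass /plone http://127.0.0.1:8080/plone
<VirtualHost *:80>
    ServerName www.example.org
    proxyrequests ON
</VirtualHost>
<VirtualHost *:8081>
    ProxyRequests On
    ProxyRequests Off
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]*)>", re.I)
VHOST_CLOSE = re.compile(r"</VirtualHost\s*>", re.I)
PROXY_REQUESTS = re.compile(r"ProxyRequests\s+(\S+)\s*$", re.I)

def audit_proxy_requests(conf_text):
    """Map each scope to True if ProxyRequests On is in effect there."""
    main = False      # Apache default when the directive is absent
    vhosts = {}       # scope label -> explicit setting, or None if unset
    scope = None      # None while outside any <VirtualHost> block
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = VHOST_OPEN.match(line)
        setting = PROXY_REQUESTS.match(line)
        if opened:
            scope = f"vhost {opened.group(1).strip()} (line {lineno})"
            vhosts[scope] = None
        elif VHOST_CLOSE.match(line):
            scope = None
        elif setting:
            enabled = setting.group(1).lower() == "on"
            if scope is None:
                main = enabled            # last value in a scope wins
            else:
                vhosts[scope] = enabled
    # A virtual host without its own setting inherits the main server's.
    result = {"main": main}
    result.update({s: main if v is None else v for s, v in vhosts.items()})
    return result

def forward_proxy_scopes(conf_text):
    """Scopes that act as a forward proxy and need an access review."""
    return [s for s, on in audit_proxy_requests(conf_text).items() if on]
```

On the sample, only the first virtual host is reported: ProxyPass alone is a reverse-proxy mapping and does not enable forward proxying, and the second virtual host ends with ProxyRequests Off.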