RE: DoS attack on mod_ssl 2.8.12 ??
I have heard from several sources Apache version 1.x for Windows does not thread very well. The first real Win32 version is Apache 2.0. This does not answer your question, I know, but it's something to consider in formulating a long-term solution. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sergey Strakhov Sent: Thursday, December 19, 2002 8:04 AM To: [EMAIL PROTECTED] Cc: Pedro Nascimento; Greg Davydouski Subject: DoS attack on mod_ssl 2.8.12 ?? Hello, We are experiencing problems with our Win32 Apache 1.3.27 with mod_ssl 2.8.12 + openssl 0.9.6g running on Windows 2000. It is a sort of DoS attack that makes our web site totally inaccessible. One of those attacks was captured with Ethereal. The dump is attached. As you can see, the attack is accomplished through both HTTP (80) and HTTPS (443) ports. First, the connection is opened to the HTTP port and a malformed HTTP/1.1 GET request (with no Host: header) is sent to the HTTP port (probably with an intention to produce a crash described in http://www.cert.org/advisories/CA-2002-27.html or just to determine the host's Server version). The server responds with "HTTP/1.1 400 Bad request" and closes the connection. After that the attacker starts opening connections to the HTTPS port. One of them is used to send SSLv2 Client Hello request. From this point the web server starts rejecting all incoming connections and the web site stops responding on both HTTP and HTTPS ports. The error log usually contains records like: [..time..] [error] [client ..] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): / [..time..] [error] Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting Is this problem related to mod_ssl anyhow? Do you expect any fix for this problem soon? Regards P.S. We have the ThreadsPerChild parameter of httpd.conf set to 10. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
mod_ssl & mod_proxy
This is to report a problem with Apache with mod_ssl and mod_proxy, and to request the communitys help in resolving it. Objective: The objective is to set up Apache as a reverse proxy, to receive encrypted HTTPS traffic over the Internet and to convert it to HTTP and direct it to a web server through a firewall. Problem: Apache seems to be redirecting traffic to the virtual hosts on the local filesystem correctly, but mod_proxy does not seem to send requests to remote URL (as specified by ProxyRemote directive below). SSL does display correct certificate from requesting browser. Troubleshooting Steps Taken: Experimenting with the target URL (IP and hosname) and various proxy directives (ie ProxyPassReverse, ProxyPass) I have not been able to establish that proxy is doing anything at all. Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well as statically linked in modules. Heres the system configuration: Linux version 2.2.16-22smp gcc version egcs-2.91.66 Server version: Apache/1.3.27 (Unix) Compiled-in modules: http_core.c mod_env.c mod_log_config.c mod_mime.c mod_negotiation.c mod_status.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_asis.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_access.c mod_auth.c mod_proxy.c mod_setenvif.c mod_ssl.c OpenSSL 0.9.6g 9 August 2002 httpd.conf AddModule mod_proxy.c ProxyRequests off NoCache * AllowCONNECT 443,80 Order Allow,Deny Allow from All ProxyRemote * http://1.2.3.4:85 NameVirtualHost * Listen *:443 SSLEngine on ServerName www.mydomain.com DocumentRoot /usr/local/apache/htdocs ErrorLog logs/443-error_log Listen *:80 ServerAdmin [EMAIL PROTECTED] DocumentRoot /usr/local/apache/www ServerName www1.mydomain.com ErrorLog logs/80-error_log Can anyone see a conflict or omission in this configuration? Does anyone have these two modules working together in a reverse proxy scenario? Any help or suggestions would be appreciated. Regards, Hamid.
RE: mod_ssl & mod_proxy
Apache does get the requests in my case, as verified in log files created by CustomLog /usr/local/apache/logs/referer_log refererCustomLog /usr/local/apache/logs/agent_log agent in httpd.conf. BTW, my LDAP authentication is handled by the internal (iPlanet) web server. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of AlexandreSent: Thursday, December 05, 2002 8:53 AMTo: [EMAIL PROTECTED]Subject: Re: mod_ssl & mod_proxyoh my God i have the exactly the same problem ... the only diference is that my autentication is on Ldap directory in the internal net when a click on link http://host.myinternalnet.com nothing hapen only the loop and the apache dont get a request im sniffing the interfaces but the request dont send ok. any people can help us ??? thanks Alexandre HMajidy wrote: This is to report a problem with Apache with mod_ssl and mod_proxy, and to request the community?s help in resolving it. urn:schemas-microsoft-com:office:office" /> Objective: The objective is to set up Apache as a reverse proxy, to receive encrypted HTTPS traffic over the Internet and to convert it to HTTP and direct it to a web server through a firewall. Problem: Apache seems to be redirecting traffic to the virtual hosts on the local filesystem correctly, but mod_proxy does not seem to send requests to remote URL (as specified by ProxyRemote directive below). SSL does display correct certificate from requesting browser. Troubleshooting Steps Taken: Experimenting with the target URL (IP and hosname) and various proxy directives (ie ProxyPassReverse, ProxyPass) I have not been able to establish that proxy is doing anything at all. Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well as statically linked in modules. Here?s the system configuration: Linux version 2.2.16-22smp gcc version egcs-2.91.66 Server version: Apache/1.3.27 (Unix) Compiled-in modules: http_core.c mod_env.c mod_log_config.c mod_mime.c mod_negotiation.c mod_status.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_asis.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_access.c mod_auth.c mod_proxy.c mod_setenvif.c mod_ssl.c OpenSSL 0.9.6g 9 August 2002 httpd.conf AddModule mod_proxy.c ProxyRequests off NoCache * AllowCONNECT 443,80 Order Allow,Deny Allow from All ProxyRemote * http://1.2.3.4:85 NameVirtualHost * Listen *:443 SSLEngine on ServerName www.mydomain.com DocumentRoot /usr/local/apache/htdocs ErrorLog logs/443-error_log Listen *:80 ServerAdmin [EMAIL PROTECTED] DocumentRoot /usr/local/apache/www ServerName www1.mydomain.com ErrorLog logs/80-error_log Can anyone see a conflict or omission in this configuration? Does anyone have these two modules working together in a reverse proxy scenario? Any help or suggestions would be appreciated. Regards, Hamid. PS. Please reply to [EMAIL PROTECTED] as well as to this list.
RE: mod_ssl & mod_proxy
Thanks for your reply. The behavior is the same with ProxyPass and ProxyPassReverse instead of ProxyRemote. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Christopher McCrory Sent: Thursday, December 05, 2002 10:29 AM To: [EMAIL PROTECTED] Subject: Re: mod_ssl & mod_proxy Hello... On Thu, 2002-12-05 at 10:12, HMajidy wrote: > This is to report a problem with Apache with mod_ssl and mod_proxy, > and to request the community’s help in resolving it. > > > > Objective: The objective is to set up Apache as a reverse proxy, to > receive encrypted HTTPS traffic over the Internet and to convert it to > HTTP and direct it to a web server through a firewall. > >From what I see, you don't have a proxypass directive, ala: ProxyPass/foohttp://cruella.pricegrabber.com/foo ProxyPassReverse /foohttp://cruella.pricegrabber.com/foo > > > Problem: Apache seems to be redirecting traffic to the virtual hosts > on the local filesystem correctly, but mod_proxy does not seem to send > requests to remote URL (as specified by ProxyRemote directive below). > SSL does display correct certificate from requesting browser. > > > > Troubleshooting Steps Taken: Experimenting with the target URL (IP and > hosname) and various proxy directives (ie ProxyPassReverse, ProxyPass) > I have not been able to establish that proxy is doing anything at all. > > Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well > as statically linked in modules. > > > > Here’s the system configuration: > > Linux version 2.2.16-22smp > > gcc version egcs-2.91.66 > > Server version: Apache/1.3.27 (Unix) > > Compiled-in modules: > > http_core.c > > mod_env.c > > mod_log_config.c > > mod_mime.c > > mod_negotiation.c > > mod_status.c > > mod_include.c > > mod_autoindex.c > > mod_dir.c > > mod_cgi.c > > mod_asis.c > > mod_imap.c > > mod_actions.c > > mod_userdir.c > > mod_alias.c > > mod_access.c > > mod_auth.c > > mod_proxy.c > > mod_setenvif.c > > mod_ssl.c > > OpenSSL 0.9.6g 9 August 2002 > > > > httpd.conf > > AddModule mod_proxy.c > > > > ProxyRequests off > > NoCache * > > AllowCONNECT 443,80 > > > > Order Allow,Deny > > Allow from All > > > > ProxyRemote * http://1.2.3.4:85 > > > > NameVirtualHost * > > Listen *:443 > > > > SSLEngine on > > ServerName www.mydomain.com > > DocumentRoot /usr/local/apache/htdocs > > ErrorLog logs/443-error_log > > > > Listen *:80 > > > > ServerAdmin [EMAIL PROTECTED] > > DocumentRoot /usr/local/apache/www > > ServerName www1.mydomain.com > > ErrorLog logs/80-error_log > > > > > > Can anyone see a conflict or omission in this configuration? Does > anyone have these two modules working together in a reverse proxy > scenario? Any help or suggestions would be appreciated. > > > > Regards, > > Hamid. > > > > PS. Please reply to [EMAIL PROTECTED] as well as to this list. -- Christopher McCrory <[EMAIL PROTECTED]> Pricegrabber __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
mod_ssl & mod_proxy
This is to report a problem with Apache with mod_ssl and mod_proxy, and to request the communitys help in resolving it. Objective: The objective is to set up Apache as a reverse proxy, to receive encrypted HTTPS traffic over the Internet and to convert it to HTTP and direct it to a web server through a firewall. Problem: Apache seems to be redirecting traffic to the virtual hosts on the local filesystem correctly, but mod_proxy does not seem to send requests to remote URL (as specified by ProxyRemote directive below). SSL does display correct certificate from requesting browser. Troubleshooting Steps Taken: Experimenting with the target URL (IP and hosname) and various proxy directives (ie ProxyPassReverse, ProxyPass) I have not been able to establish that proxy is doing anything at all. Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well as statically linked in modules. Heres the system configuration: Linux version 2.2.16-22smp gcc version egcs-2.91.66 Server version: Apache/1.3.27 (Unix) Compiled-in modules: http_core.c mod_env.c mod_log_config.c mod_mime.c mod_negotiation.c mod_status.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_asis.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_access.c mod_auth.c mod_proxy.c mod_setenvif.c mod_ssl.c OpenSSL 0.9.6g 9 August 2002 httpd.conf AddModule mod_proxy.c ProxyRequests off NoCache * AllowCONNECT 443,80 Order Allow,Deny Allow from All ProxyRemote * http://1.2.3.4:85 NameVirtualHost * Listen *:443 SSLEngine on ServerName www.mydomain.com DocumentRoot /usr/local/apache/htdocs ErrorLog logs/443-error_log Listen *:80 ServerAdmin [EMAIL PROTECTED] DocumentRoot /usr/local/apache/www ServerName www1.mydomain.com ErrorLog logs/80-error_log Can anyone see a conflict or omission in this configuration? Does anyone have these two modules working together in a reverse proxy scenario? Any help or suggestions would be appreciated. Regards, Hamid. PS. Please reply to [EMAIL PROTECTED] as well as to this list.