[users@httpd] SUMMARY:still hacking proxy-attempts accepted by webserver

Thu, 07 Jul 2011 02:36:44 -0700 


thx to Eric Covener (the sole replier on my mail), he pointed me in the right 
direction : 

Without any 'proxy' modules loaded, I needed to configure a 'honeypot' 
virtualhost to catch any request that doesn't contain one of my hostnames (like 
"www.mydomain.be"),[1]  and deny access to them all. 

By placing this extra virtualhost as the first in the config, it becomes the 
"default" one. 

These are the config lines I added : 

<VirtualHost *:80>
    ServerName default.only
    <Location "/">
           order allow,deny
           Deny from all
    </Location>
</VirtualHost>

works like a charm. 

Testing is done with a TELNET to my web server's internal IP address, port 80, 
and entering the following: 

GET http://www.yahoo.com/  HTTP/1.1
Host: www.yahoo.com

(followed by double newlines)

cheers 

Rob

Citeren Rob De Langhe <rob.de.lan...@twistfare.be>: 

> hi,
>
> despite me disabling the "proxy*" modules from my Apache, I see still 
> occasionally some succesfull hack attempts via my server (code 200) :
>
> 125.46.73.7 - - [30/Jun/2011:11:54:09 +0200] "GET http://www.baidu.com/ 
> HTTP/1.1" 200 240 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)"
>
> The loaded modules in my Apache are :
>
> # /usr/apache2/bin/httpd -M | sort
>  actions_module (shared)
>  alias_module (shared)
>  auth_basic_module (shared)
>  authn_dbm_module (shared)
>  authn_default_module (shared)
>  authn_file_module (shared)
>  authz_dbm_module (shared)
>  authz_default_module (shared)
>  authz_groupfile_module (shared)
>  authz_host_module (shared)
>  authz_user_module (shared)
>  autoindex_module (shared)
>  cgi_module (shared)
>  core_module (static)
>  dbd_module (shared)
>  dir_module (shared)
>  dumpio_module (shared)
>  env_module (shared)
>  expires_module (shared)
>  headers_module (shared)
>  http_module (static)
>  include_module (shared)
>  log_config_module (shared)
>  logio_module (shared)
>  mime_module (shared)
>  mpm_prefork_module (static)
>  negotiation_module (shared)
>  php5_module (shared)
>  setenvif_module (shared)
>  so_module (static)
>  ssl_module (shared)
>  vhost_alias_module (shared)
>
> Can anyone please shed some light on this mystery  ?
>
> thx a lot in advance
> Rob
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.



Links:
------
[1] http://www.mydomain.be


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Reply via email to