Hello,
I set up mod_proxy, mod_proxy_http and mod_proxy_connect on my debian
box (apache 2.2.3).
After a couple of hours, I got the first spammer trying to abuse it -
the access log showed
... CONNECT ...:25 HTTP/1.0 ...
though nothing in the error logs.
iftop tells me, however, that no traffic actually leaves the machine on
that port, which is what I would expect given that I have turned off
proxying globally
<IfModule mod_proxy.c>
ProxyRequests Off
ProxyVia Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
ProxyFtpDirCharset UTF-8
</Proxy>
AllowCONNECT 22
</IfModule>
and allow only CONNECTs to port 22.
I also have a virtual host
<VirtualHost *>
ServerName ...
ProxyRequests On
<Proxy *>
Order deny,allow
Allow from ...
</Proxy>
AllowCONNECT 22
</VirtualHost>
which turns it on, but 1. that would be hard to guess and 2. it still
should only connect to port 22.
Indeed my own tries to use the non-virtual host proxy fail and the
virtual hosts ones succeed. So far so good, but now my questions:
1. If the spammer fails to send mail, why does he keep trying? What did
actually change from his perspective compared to not loading
mod_proxy_connect at all?
2. Can I somehow get the apache logs to tell me whether the spamming
succeeds or not? LogLevel debug does not echo a thing more.
I think apache is configured correctly but it's somewhat disturbing to
see CONNECT sth:25 in the access log while nothing in the error log.
Thank you for your information,
Jens
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]