Hi Igor,
First, thanks for the fast response!
----- "Hannes" <hannes.flo...@gmx.li> wrote:
Hi HTTPD Users,
I'm using Apache 2.2 on Debian (Kernel 2.6) as a proxy for my web
applications .
So far I got it all working, including SSL and stuff. But when I had a
look at the access.log, I saw hundreds of (mostly GET) requests to URL
which are not mine.
I'm not really sure what this means, but I think some bots are using
the
proxy to access other sites. Can that be?
I turned
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
With Allow/Deny from all, I can only restrict who can request the
proxy,
but I need to restrict the proxy to only forward request to
localhost.
Do I've to do that with iptables or is it possible within Apache?
First and foremost: Are you talking about a reverse proxy, or a forward proxy?
I'm not sure about the names, but I think I'm using it as a reverse
proxy. I'm using ProxyPass and ProxyPassReverse to integrate my web
application with Apache.
Here's some output from the access log:
178.140.66.211 - - [18/Oct/2010:10:26:06 +0200] "GET
http://counter.rambler.ru/top100.cnt?2159955 HTTP/1.1" 404 12750
"http://spyrt.ru" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;"
64.154.21.207 - - [18/Oct/2010:10:26:08 +0200] "CONNECT
login.icq.com:443 HTTP/1.0" 500 8308 "-" "Mozilla/7.00 [en] (WinNT; U ;Nav)"
82.83.86.100 - - [18/Oct/2010:12:01:08 +0200] "CONNECT 206.222.227.2:443
HTTP/1.0" 500 8303 "-" "-"
66.178.238.195 - - [18/Oct/2010:12:01:12 +0200] "CONNECT
login.icq.com:443 HTTP/1.0" 500 8303 "-" "Mozilla/7.00 [en] (WinNT; U ;Nav)"
64.154.21.207 - - [18/Oct/2010:12:01:15 +0200] "CONNECT
login.icq.com:443 HTTP/1.0" 500 8303 "-" "Mozilla/7.00 [en] (WinNT; U ;Nav)"
61.225.129.90 - - [18/Oct/2010:12:01:15 +0200] "GET
http://www.yahoo.com/ HTTP/1.1" 200 4853 "-" "Mozilla/4.0 (compatible;
MSIE 7.0; Windows NT 5.1; EmbeddedWB 14.52 from: http://www.bsalsa.com/
EmbeddedWB 14.52; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
61.225.129.90 - - [18/Oct/2010:12:01:16 +0200] "CONNECT
edit.yahoo.com:443 HTTP/1.1" 500 8303 "-" "Mozilla/4.0 (compatible; MSIE
7.0; Windows NT 5.1; Maxthon; Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT 5.1; SV1) )"
95.21.138.206 - - [18/Oct/2010:12:01:21 +0200] "GET
http://images.google.com/ HTTP/1.1" 200 15488 "-" "Mozilla/4.0
(compatible; MSIE 7.0; Windows NT 6.0; WOW64; .NET CLR 1.1.4322; Media
Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)"
69.15.164.139 - - [18/Oct/2010:12:01:23 +0200] "CONNECT
login.icq.com:443 HTTP/1.0" 500 8303 "-" "Mozilla/7.00 [en] (WinNT; U ;Nav)"
178.161.129.26 - - [18/Oct/2010:12:01:29 +0200] "GET
http://images.google.com/ HTTP/1.1" 200 15488 "-" "Mozilla/4.0
(compatible; MSIE 7.0; Windows NT 6.0; WOW64; .NET CLR 1.1.4322; Media
Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)"
If we're talking about a reverse proxy then:
* ProxyRequests Off is a good thing, and the way it should be.
* in this case the GET requests to foreign URLs should result in
403s
* <Proxy *> Allow from all -- is the way it should be, unless
you only want a specific target group to access it.
Most of time the requests end in a 500/404 but sometime in 200 (ok). But
I think that's the response from the foreign site, or?
Do you've any idea, how I can check, if this stuff is going out?
thanks.
If we're talking about a forward proxy.
* ProxyRequests needs to be On -- since we're actually a forward proxy
* In this case, the GET requests to foreign URLs will result
in 100, 20x, 30x results.
* You should limit your forward proxy's visibility via <Proxy *> allow from
127.0.0
The problem with limiting your server on IP level on the firewall is
that it's hard to distinguish between a customer doing a valid request
and one doing a proxy request to a foreign URL -- on IP level, that is.
thanks!
Hannes
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org