Are those odd requests actually working? From your log it looks like they get a 403 error, which is exactly what your configuration is saying should happen.

- Y

(Had to remove your links so this would get through the spam filter)

On Thu, Feb 13, 2014 at 2:16 AM, Richard Mixon <rnmi...@custco.biz> wrote:
>
> We've set up a new Apache server on CentOS 6.4, httpd 2.2.15.
>
> The site is running SSL with a single WordPress virtual host. We do use
> mod_proxy to forward some requests to back-end systems: our CAS authentication
> system and a couple of other back-end systems we need a limited amount of
> content from. We've done this often in the past, but this configuration is a
> bit different.
>
> All was fine until we created a simple (additional) virtual host on port 80
> for the sole purpose of redirecting users that forgot to type in the https in
> the url. After that we started getting flooded with requests such as the
> following:
>
> 64.120.77.151 - - [13/Feb/2014:00:03:05 -0700] "GET <<<<>>>> HTTP/1.0" 403 283 "<<<<>>>>" "Mozilla/5.0 (Windows NT 7.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30"
>
> We shut the port 80 virtual host down and everything was returned to normal
> and we started looking for a solution. We came across what appeared to be a
> couple of excellent articles that addressed the problem:
>
> 1) The "Why do I see requests for other sites appearing in my log files?"
> section at http://wiki.apache.org/httpd/FAQ
>
> 2) The solution on this posting
> http://serverfault.com/questions/283200/my-virtualhosts-overlap-and-my-namevirtualhost-has-no-virtualhosts
>
> Well, what seemed a nice clear solution has not worked so well. I'm thinking
> it is because we have both a single SSL virtual host and a (now two) non-SSL
> host.
>
> Our main httpd.conf file contains:
> ...
> ## ***************
> #Listen 80
> Listen 443
> ## ***************
> ...
> NameVirtualHost *:80
> NameVirtualHost *:443
> ...
> Include conf/VirtualHost.d/*.conf
>
> Then we have what is now a single Virtual Host config file - but was
> originally three (01-vhost.conf, 02-vhost.conf and 03-vhost.conf), I combined
> them thinking the ordering might not be correct.
>
> Anyway, here's the content of the Virtual hosts config:
>
> # Purpose is to prevent open proxy configuration.
> # This Virtual Host config must be named so it appears first,
> # i.e. 00-default.only.conf
> <VirtualHost *:80>
>     ServerName default.only
>     ErrorLog logs/default.only-error_log
>     CustomLog logs/default.only-access_log combined
>     <Location />
>         Order allow,deny
>         Deny from all
>     </Location>
> </VirtualHost>
>
> # This is the virtual host we really need on port 80
> <VirtualHost *:80>
>     ServerAdmin rnmi...@custco.biz
>     DocumentRoot /var/www/community.acmeinc.com
>     ServerName community.acmeinc.com
>     ErrorLog logs/community.acmeinc.com-error_log
>     CustomLog logs/community.acmeinc.com-access_log combined
>
>     ProxyRequests Off
>     ProxyPreserveHost Off
>
>     RewriteCond %{HTTP_HOST} ^community\.acmeinc\.com [NC]
>     RewriteRule / https://community.acmeinc.com/ [L,R,NE]
>
> </VirtualHost>
>
> # This is the main real virtual host
> <VirtualHost *:443>
>     ServerAdmin rnmi...@custco.biz
>     ServerName community.acmeinc.com
>     ErrorLog logs/community.acmeinc.com.ssl-error_log
>     CustomLog logs/community.acmeinc.com.ssl-access_log combined
>
>     SSLEngine on
>     SSLProtocol all -SSLv2
>     SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
>     SSLCertificateFile /etc/pki/tls/certs/community_acmeinc_com.crt
>     SSLCertificateKeyFile /etc/pki/tls/private/community.acmeinc.com.key
>     SSLCertificateChainFile /etc/pki/tls/certs/community_acmeinc_com.ca-bundle
>     SSLProxyEngine On
>     SSLProxyCACertificateFile /etc/tomcat7/tomcat-server.pem
>
>     ProxyRequests On
>     ProxyPreserveHost On
>
>     <Location /cas/>
>         ProxyPass https://community.acmeinc.local:8443/cas/
>         ProxyPassReverse https://community.acmeinc.local:8443/cas/
>     </Location>
>
>     <Proxy https://community.acmeinc.local:8443/cas/>
>         AllowOverride None
>         Order allow,deny
>         Allow from All
>     </Proxy>
>
>     <Location /TicketSales/>
>         ProxyPass http://www.acmeinc.local/TicketSales/
>         ProxyPassReverse http://www.acmeinc.local/TicketSales/
>     </Location>
>
>     <Proxy http://www.acmeinc.local/TicketSales/>
>         AllowOverride None
>         Order allow,deny
>         Allow from All
>     </Proxy>
>
>     <Location /rhythm/>
>         ProxyPass https://community.acmeinc.local:8443/rhythm/
>         ProxyPassReverse https://community.acmeinc.local:8443/rhythm/
>     </Location>
>
>     <Proxy https://community.acmeinc.local:8443/rhythm/>
>         AllowOverride None
>         Order allow,deny
>         Allow from All
>     </Proxy>
>
>     DocumentRoot /var/www/community.acmeinc.com
>     <Directory /var/www/community.acmeinc.com>
>         Options Indexes FollowSymLinks MultiViews
>         AllowOverride all
>         Order allow,deny
>         allow from all
>     </Directory>
>
> </VirtualHost>
>
> Problem - if we uncomment the "Listen 80" directive to let the port 80
> virtual hosts work, we become an open proxy again.
>
> Here is the output from a dump of the virtual host config:
>
> /usr/sbin/httpd -t -D DUMP_VHOSTS
> VirtualHost configuration:
> wildcard NameVirtualHosts and _default_ servers:
> *:443 is a NameVirtualHost
>     default server community.acmeinc.com (/etc/httpd/conf/VirtualHost.d/01-community.acmeinc.com.conf:30)
>     port 443 namevhost community.acmeinc.com (/etc/httpd/conf/VirtualHost.d/01-community.acmeinc.com.conf:30)
> *:80 is a NameVirtualHost
>     default server default.only (/etc/httpd/conf/VirtualHost.d/01-community.acmeinc.com.conf:4)
>     port 80 namevhost default.only (/etc/httpd/conf/VirtualHost.d/01-community.acmeinc.com.conf:4)
>     port 80 namevhost community.acmeinc.com (/etc/httpd/conf/VirtualHost.d/01-community.acmeinc.com.conf:15)
> Syntax OK
>
> What am I missing? Any help or hints are greatly appreciated.
>
> Thank you -
>
>
> --
> Richard Mixon
> Custom Computer Creations, L.L.C.
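
Added example (not part of the thread, and not code from either poster): one way to answer the question in the reply, "are those odd requests actually working?", is to sort access-log lines by whether a forward-proxy style request (CONNECT, or an absolute URI naming a host that is not yours) was refused. The sample log lines, the verdict names and the function names are constructed for illustration; only the ServerName is taken from the quoted config.

```python
import re
from collections import Counter

OWN_HOSTS = {"community.acmeinc.com"}  # ServerName from the quoted config
# Apache "combined" format: client ident user [time] "request line" status ...
LINE_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
HOST_RE = re.compile(r'^[a-z][a-z0-9+.-]*://([^/:?#]+)', re.I)

# Constructed sample lines (documentation IP ranges, example.* hosts).
SAMPLE = [
    '192.0.2.10 - - [13/Feb/2014:00:03:05 -0700] "GET http://www.example.net/a HTTP/1.0" 403 283 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [13/Feb/2014:00:03:06 -0700] "CONNECT www.example.org:443 HTTP/1.0" 403 283 "-" "-"',
    '198.51.100.7 - - [13/Feb/2014:00:04:11 -0700] "GET http://www.example.net/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Feb/2014:00:04:12 -0700] "GET http://www.example.net/b HTTP/1.1" 502 401 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [13/Feb/2014:00:05:00 -0700] "GET /wp-login.php HTTP/1.1" 301 240 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [13/Feb/2014:00:05:01 -0700] "GET http://community.acmeinc.com/ HTTP/1.1" 301 240 "-" "Mozilla/5.0"',
]

def classify(line):
    """Return (client, verdict) for one access-log line."""
    m = LINE_RE.match(line)
    if not m:
        return None, "unparsed"
    method, target, status = m["method"], m["target"], int(m["status"])
    if method == "CONNECT":
        host = target.rsplit(":", 1)[0]
    elif not target.startswith(("/", "*")):
        h = HOST_RE.match(target)
        host = h.group(1) if h else ""
    else:
        return m["client"], "normal"      # ordinary origin-form request
    if host.lower() in OWN_HOSTS:
        return m["client"], "normal"      # absolute URI naming our own site
    if 400 <= status < 500:
        return m["client"], "denied"      # e.g. the 403 in the quoted log line
    # 2xx/3xx may be a relay or just a local page; 502/504 mean mod_proxy tried.
    return m["client"], "investigate"

def triage(lines):
    """Count verdicts and the clients whose proxy attempts were not refused."""
    verdicts, suspects = Counter(), Counter()
    for line in lines:
        client, verdict = classify(line)
        verdicts[verdict] += 1
        if verdict == "investigate":
            suspects[client] += 1
    return verdicts, suspects
```

A "denied" count means the requests are being logged but refused, which is what the reply describes; for "investigate" entries, compare the logged response size with the size of your own default page before concluding that anything was relayed.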