
ProxyRequest On abuse

I just noticed my web server going a bit nuts and looked at the logs to
see what was going on.  There were MANY entries like:

clientname - - [16/Apr/2003:15:42:06 -0400] "GET http://questionable.site.com/ HTTP/1.0" 200 ... 

That is, some people were using my server to go to other questionable
sites.  I'm not certain what the purpose of this is other than to try to
hide where the original request was coming from (making it look like my
server was the real originator).

The cause of this is that I had set: 

	ProxyRequests On 

in my httpd.conf file for Apache. I think this was part of the
instructions for installing LAS 6, or it was recommended to me via the
email list. In order to fix the current problem I uncommented the section
below the above statement and changed it to allow my domain:

<Directory proxy:*>
    Order deny,allow
    Deny from all
    Allow from .umeoce.maine.edu
</Directory>

This now allows anyone from our domain to access LAS 6 but no one else.
It has stopped the questionable requests from succeeding but it hasn't
stopped the requests yet.  I'm sure they will die down once they realize
that it isn't working anymore.  Don't people have better things to do with
their time?

What is the best way to set this up?  Presumably there is some way to set
it up such that anyone can access the LAS 6 (not just my domain) site but
no one can use the site to forward on requests to other sites?  I guess I'm
hoping for a way to say: Forwarding is OK, only if it is coming from and
going to my server, although on a different port.


 Steve Cousins                 Email: cousins@umit.maine.edu
 Research Associate            Phone: (207) 581-4302
 Ocean Modeling Group
 School of Marine Sciences     208 Libby Hall
 University of Maine           Orono, Maine 04469
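
Added example, not part of the original message: a small Python triage script that picks forward-proxy attempts (absolute-URI or CONNECT requests for hosts other than the server's own) out of a Common Log Format access log and counts, per client, how many were served versus refused. The host names in OWN_HOSTS and the sample log lines are constructed placeholders.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Common Log Format: host ident user [time] "method target proto" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

# Assumption: names this server legitimately answers to (placeholders).
OWN_HOSTS = {"www.example.edu", "example.edu"}

def classify(line, own_hosts=OWN_HOSTS):
    """Return (client, target_host, outcome) for a proxy attempt, else None."""
    m = CLF.match(line)
    if not m:
        return None
    client, method, target, status = m.groups()
    if method.upper() == "CONNECT":
        host = target.rsplit(":", 1)[0]         # CONNECT target is host:port
    elif "://" in target:
        host = urlsplit(target).hostname or ""  # absolute-URI request target
    else:
        return None                             # ordinary origin-form request
    host = host.lower()
    if host in own_hosts:
        return None  # some clients send absolute URIs naming the server itself
    # 2xx/3xx: the server answered. While forward proxying is on, that is a relay.
    outcome = "served" if status[0] in "23" else "refused"
    return client, host, outcome

def summarize(lines, own_hosts=OWN_HOSTS):
    """Count served vs refused proxy attempts per client address."""
    counts = Counter()
    for line in lines:
        hit = classify(line, own_hosts)
        if hit:
            counts[(hit[0], hit[2])] += 1
    return counts

# Constructed sample lines (not taken from the original post).
SAMPLE = [
    '203.0.113.7 - - [16/Apr/2003:15:42:06 -0400] "GET http://other.example.net/ HTTP/1.0" 200 5120',
    '203.0.113.7 - - [16/Apr/2003:16:10:11 -0400] "GET http://other.example.net/ HTTP/1.0" 403 291',
    '198.51.100.4 - - [16/Apr/2003:16:11:02 -0400] "CONNECT mail.example.org:25 HTTP/1.0" 405 312',
    '192.0.2.10 - - [16/Apr/2003:16:12:30 -0400] "GET /las/ HTTP/1.1" 200 8841',
    '192.0.2.10 - - [16/Apr/2003:16:12:31 -0400] "GET http://www.example.edu/las/ HTTP/1.1" 200 8841',
]

if __name__ == "__main__":
    for (client, outcome), n in sorted(summarize(SAMPLE).items()):
        print(f"{client}\t{outcome}\t{n}")
```

Once forward proxying is restricted or turned off, a 2xx on such a request may be the server answering with its own content rather than relaying, so compare the response size against the local page before treating it as a relay.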
