Re: Can somebody help me to understand the strange GET requests logged in access.log and error.log ?

Hi Mark.
Thank you very much for your valuable suggestion. You're completely right. I read the information at https://wiki.apache.org/httpd/ProxyAbuse (the link you provided) and the problem described there is exactly the one I am having. According to what is explained at the above link, I'm now sure my server is properly configured not to proxy requests to foreign domains. But I would still like to deny all those requests for random hostnames. I put in place what is described in the section "I don't like the idea of my server responding to requests for random hostnames, even if it serves local content. How can I deny these requests?" of the article, but I still see the GET requests in access.log.
So is there something I did wrong or didn't understand?
Many thanks in advance.



P.S. If needed, here is my server configuration.

I use Apache name-based virtual hosts with Tomcat 6.x webapps, and my
server configuration is the following:

Server details:
- Ubuntu 10.04 64 bit
- Apache/2.2.14
- Tomcat 6.x

modules enabled:
mod_proxy, mod_proxy_http, mod_proxy_ajp

Configuration details:
/etc/apache2/apache2.conf
Standard configuration ......... plus at the end the log file for virtual hosts
CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined

/etc/apache2/proxy.conf
<IfModule mod_proxy.c>
    ProxyRequests Off
    <Proxy *>
        AddDefaultCharset off
        Order deny,allow
        Deny from all
    </Proxy>
    ProxyVia Block
</IfModule>

/etc/apache2/sites-enabled/000-default -> ../sites-available/default
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/default
        DirectoryIndex index.jsp index.html index.iface
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/default>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                Deny from all
        </Directory>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Deny from all
        </Directory>
        ErrorLog /var/log/apache2/error.log
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
</VirtualHost>

/etc/apache2/sites-enabled/mysite1
<VirtualHost *:80>
    ServerName mysite1.tld
    ServerAlias www.mysite1.tld
    DocumentRoot /var/www/mysite1/
    DirectoryIndex index.html index.jsp
    <Proxy *>
        Order Allow,Deny
        Allow from all
    </Proxy>
    ProxyPass /mysite1 ajp://ip_address_tomcat1:8009/mysite1
    ProxyPassReverse /mysite1 ajp://ip_address_tomcat1:8009/mysite1
</VirtualHost>

/etc/apache2/sites-enabled/mysite2
<VirtualHost *:80>
    ServerName mysite2.tld
    ServerAlias www.mysite2.tld
    DocumentRoot /var/www/mysite2/
    DirectoryIndex index.html index.jsp
    <Proxy *>
        Order Allow,Deny
        Allow from all
    </Proxy>
    ProxyPass /mysite2 ajp://ip_address_tomcat2:8009/mysite2
    ProxyPassReverse /mysite2 ajp://ip_address_tomcat2:8009/mysite2
</VirtualHost>

/var/www/mysite1/index.html
<html>
<head>
<!-- Client-side redirect from the vhost's DocumentRoot to the Tomcat webapp behind ProxyPass -->
<script type="text/javascript">
<!--
window.location = "http://www.mysite1.tld/mysite1/";
// -->
</script>
</head>
<body>
        <!-- Fallback link for clients without JavaScript -->
        <div style="visibility:hidden;">
                <a href="http://www.mysite1.tld/mysite1/">mysite1</a>
        </div>
</body>
</html>

/var/www/mysite2/index.html
<html>
<head>
<!-- Client-side redirect from the vhost's DocumentRoot to the Tomcat webapp behind ProxyPass -->
<script type="text/javascript">
<!--
window.location = "http://www.mysite2.tld/mysite2/";
// -->
</script>
</head>
<body>
        <!-- Fallback link for clients without JavaScript -->
        <div style="visibility:hidden;">
                <a href="http://www.mysite2.tld/mysite2/">mysite2</a>
        </div>
</body>
</html>


On 11/08/2012 15:34, Mark Montague wrote:
On August 11, 2012 6:33, Carlo Traversa <traversa.carlo@xxxxxxxxx> wrote:
As in the subject If I check the access.log and error.log I see a huge
number of CONNECT, GET, POST requests that make no sense to me (please
see *.log files in logs.zip).

Please make it easy for people to help you. We are all volunteers. Asking us to download an attachment, unzip it, and then sort through hundreds of lines of logs makes it harder for us to help, resulting in many of us just ignoring your message.

Instead of attaching zip'ed log files, just paste a few representative log lines into the body of the email message.


None of those requests is related to
any of my hosted sites. They aren't dangerous for the Apache server (or I
hope so) because reverse proxying is disabled (is that right?), but
they are bandwidth consuming. Is there any way to avoid receiving those
requests by working on the Apache configuration? Or maybe there is something
wrong in my configuration files?

I have not looked at the log files you attached, but it sounds like you are describing "proxy abuse" requests. These are very common. With proxy abuse requests, you will see requests in your log files that are for sites you are not running. The solution is to first make sure that your proxy is properly configured to not pass the attacker's requests, and then, if you want, to set up a default virtual host to capture and deny such requests.

A lot more information is available at https://wiki.apache.org/httpd/ProxyAbuse

If you look at the page above and determine that what you are seeing in your logs is not what the page above is talking about, please send the mailing list just a couple of representative log lines so we can see what you're describing.

--
  Mark Montague
mark@xxxxxxxxxxx
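The check Carlo is asking about (are the logged GET requests being denied, or is the server actually fetching the foreign sites?) can be made from the log lines themselves. Apache logs every request it answers, including the ones it refuses with 403, so a working deny does not make the lines disappear from access.log; what changes is the status column. The script below is an added example, not part of the original thread and not Apache's own tooling. It parses lines in the `combined` and `vhost_combined` formats used in the configuration above, separates forward-proxy-style requests (a CONNECT, or a GET whose request line carries an absolute URI such as `GET http://www.example.com/ HTTP/1.1`) from ordinary origin requests, and flags any proxy-style request that received a status below 400, which would mean the server served the foreign URL and is effectively an open proxy. The sample log lines, hostnames and addresses are constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# combined:       %h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
# vhost_combined: the same line prefixed with "%v:%p " (vhost name and port that handled it).
# The leading group is optional so both formats parse with one expression.
LOG_RE = re.compile(
    r'^(?:(?P<vhost>[^ :]+):(?P<port>\d+) )?'
    r'(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\S+)'
)

# Constructed sample: two proxy-abuse probes that were denied, one legitimate hit on mysite1
# (vhost_combined line), one proxy request that was actually served (the bad case), and one
# request for the catch-all vhost that was denied.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Aug/2012:10:02:11 +0200] "GET http://www.example.com/ HTTP/1.1" 403 488 "-" "Mozilla/4.0"
203.0.113.5 - - [11/Aug/2012:10:02:12 +0200] "CONNECT 198.51.100.7:25 HTTP/1.0" 403 0 "-" "-"
mysite1.tld:80 198.51.100.20 - - [11/Aug/2012:10:03:40 +0200] "GET /mysite1/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
192.0.2.9 - - [11/Aug/2012:10:04:01 +0200] "GET http://www.example.com/ HTTP/1.1" 200 1534 "-" "curl/7.22"
192.0.2.9 - - [11/Aug/2012:10:04:02 +0200] "GET / HTTP/1.0" 403 294 "-" "-"
"""


def parse(line):
    """Parse one combined/vhost_combined line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = rec["request"].split(" ")
    rec["method"] = parts[0] if parts else ""
    rec["target"] = parts[1] if len(parts) > 1 else ""
    rec["status"] = int(rec["status"])
    return rec


def classify(rec):
    """Return (kind, host) for a parsed record.

    'connect'      CONNECT host:port   -> tunnel request; only a forward proxy would honour it
    'absolute_uri' GET http://host/... -> forward-proxy request for a foreign site
    'origin'       GET /path           -> ordinary request; host is the vhost that handled it
    """
    method, target = rec["method"], rec["target"]
    if method == "CONNECT":
        return "connect", target.split(":")[0]
    if target.lower().startswith(("http://", "https://")):
        return "absolute_uri", urlsplit(target).hostname or ""
    return "origin", rec.get("vhost") or ""


def audit(lines):
    """Count requests by (kind, status) and list proxy-style requests that were served.

    A proxy-style request answered with a status below 400 means the server fetched the
    foreign target instead of refusing it, i.e. the proxy is open for that request.
    """
    counts = Counter()
    leaked = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            counts["unparsed"] += 1
            continue
        kind, host = classify(rec)
        counts[(kind, rec["status"])] += 1
        if kind in ("connect", "absolute_uri") and rec["status"] < 400:
            leaked.append((rec["client"], rec["method"], host, rec["status"]))
    return counts, leaked


if __name__ == "__main__":
    counts, leaked = audit(SAMPLE_LOG.splitlines())
    for key, n in sorted(counts.items(), key=str):
        print(key, n)
    for entry in leaked:
        print("SERVED proxy request (open proxy?):", entry)
```

Run it against the real file with `audit(open("/var/log/apache2/access.log").read().splitlines())`. A healthy configuration with `ProxyRequests Off` and a denying default vhost shows the `connect` and `absolute_uri` rows only with 4xx statuses and an empty `leaked` list; the lines themselves keep appearing in the log as long as the attackers keep sending them, because Apache records the refusal.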



