preventing acting as open relay


 



Hi there,

I am trying to harden a virtual host against acting as a proxy relay.
However, running the command:

curl --proxy http://slovensko.ch:80 http://yahoo.com

does return the Yahoo site, so I assume that I failed.

Can anybody please point me to any mistake in the following configuration?

The site itself is generated using the zope/plone framework.

thanks
robert

#
# slovensko
# -------------------
#_robert_
<VirtualHost *:80>
    DocumentRoot /var/www

    ServerAdmin robert@xxxxxxxxxx
    ServerName  www.slovensko.ch
    ServerAlias slovensko.ch
    CustomLog     /var/log/apache2/slovensko-access.log combined
    ErrorLog      /var/log/apache2/slovensko-error.log
    LogLevel warn

    ServerSignature On

    Header set X-Frame-Options "SAMEORIGIN"
    Header set Strict-Transport-Security "max-age=15768000; includeSubDomains"
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Content-Type-Options "nosniff"
    Header set Content-Security-Policy-Report-Only "default-src 'self'; img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval'"

    ProxyVia On

    # prevent your web server from being used as global HTTP proxy
    <LocationMatch "^[^/]">
      Deny from all
    </LocationMatch>

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    RewriteEngine On
    RewriteRule "^proxy:[a-z]*://[^/]*:25(/|$)" "-" [F,NC,L]

    # Normalize URLs by removing trailing /'s
    RewriteRule /(.*)/$ http://127.0.0.1:9680/VirtualHostBase/http/www.slovensko.ch:80/slovensko/slovensko/VirtualHostRoot/$1 [L,P]
    RewriteRule ^/(.*) http://127.0.0.1:9680/VirtualHostBase/http/www.slovensko.ch:80/slovensko/slovensko/VirtualHostRoot/$1 [L,P]

</VirtualHost>
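
Added example, not part of the original message: a small Python audit of the directives that decide whether Apache httpd forwards arbitrary URLs (`ProxyRequests`, an allow-all `<Proxy *>` section, and `RewriteRule ... [P]`). The function name `audit_proxy_config` is hypothetical, and the sample is a constructed abridgement of the virtual host posted above.

```python
import re

# Constructed sample: an abridged copy of the virtual host posted above.
POSTED_VHOST = """\
<VirtualHost *:80>
    ServerName www.slovensko.ch
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    RewriteEngine On
    RewriteRule ^/(.*) http://127.0.0.1:9680/VirtualHostRoot/$1 [L,P]
</VirtualHost>
"""

def audit_proxy_config(text):
    """Hypothetical helper: report the directives that govern forward proxying."""
    proxy_requests = None  # None: absent from this text (Apache's default is Off)
    open_acl = False       # a <Proxy *> section that admits every client
    p_rules = 0            # RewriteRule ... [P]: reverse proxying via mod_rewrite
    in_wildcard = False
    for raw in text.splitlines():
        low = raw.strip().lower()
        if not low or low.startswith("#"):
            continue
        m = re.match(r"proxyrequests\s+(on|off)\b", low)
        if re.match(r'<proxy\s+"?\*"?\s*>', low):
            in_wildcard = True
        elif low.startswith("</proxy"):
            in_wildcard = False
        elif in_wildcard and re.match(r"(allow\s+from\s+all|require\s+all\s+granted)\b", low):
            open_acl = True
        elif m:
            proxy_requests = m.group(1)
        elif low.startswith("rewriterule") and re.search(r"\[[^\]]*\b(p|proxy)\b[^\]]*\]\s*$", low):
            p_rules += 1
    if proxy_requests == "on" and open_acl:
        verdict = "open forward proxy"
    elif proxy_requests == "on":
        verdict = "forward proxy enabled; no allow-all <Proxy *> section found"
    else:
        verdict = "forward proxying not enabled in this text"
    return {"proxy_requests": proxy_requests, "open_acl": open_acl,
            "proxy_rewrite_rules": p_rules, "verdict": verdict}

if __name__ == "__main__":
    print(audit_proxy_config(POSTED_VHOST))
    print(audit_proxy_config("ProxyRequests On\n" + POSTED_VHOST))
```

A `proxy_requests` value of `None` only means the directive is absent from the text that was audited; the rest of the loaded server configuration needs the same check.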








