RE: [users@httpd] Security glitch with Rewrite and Proxy


 



Hi :)
>Perhaps you have modified your logformat to log origclientaddr?
Yes, I have. Our modified LogFormat puts ORIGCLIENTADDR where originally
the IP address is.

>Are you running mod_cache?
# mod_cache directives
CacheDefaultExpire 3600
CacheEnable disk /
CacheIgnoreHeaders Set-Cookie
CacheIgnoreNoLastMod On
CacheLastModifiedFactor 0.1
CacheMaxExpire 86400
# End of mod_cache directives.

# mod_disk_cache directives
CacheRoot "/scratch/apache_proxy_cache/mod_proxy"
Yup ;)

>Are you sure that the correct virtualhost is being matched?
Yes, no one else has access to this part of the CMS.

>Exactly what document is getting served to this client?
Repeating step a.) shows the complete page (including pictures) as step
b.
Originally, in step b.), it's served from the CMS but in step c.) logs
show it being served from exactly that virthost without RewriteConds
even being touched (no line in RewriteLog).

Thanks for your quick reply! /Carsten

>-----Original Message-----
>From: jslive@xxxxxxxxx [mailto:jslive@xxxxxxxxx] On Behalf Of Joshua Slive
>Sent: Thursday, September 28, 2006 4:52 PM
>To: users@xxxxxxxxxxxxxxxx
>Subject: Re: [users@httpd] Security glitch with Rewrite and Proxy
>
>
>On 9/28/06, Germer, Carsten <carsten.germer@xxxxxxx> wrote:
>> Hello everyone!
>>
>> I hope there is someone out there who can help with this or can point me
>> out to someone who might be able to...
>> We use Scientific Linux IV (based on Redhat Enterprise 4) and Apache
>> 2.2.3-1i386 (RPM from Apache)
>>
>> Here is the snippet from my virthost
>>   RewriteEngine on
>>   # Block every IP that is not from DESY
>>   RewriteCond %{HTTP:ORIGCLIENTADDR} ^131\.169\.* [OR]
>>   RewriteCond %{HTTP:ORIGCLIENTADDR} ^141\.34\.*
>>   RewriteRule ^(.*) http://localhost:8080/sites/mysite$1 [P,L]
>>   RewriteRule ^(.*) http://www.desy.de/ [L]
>>
>> (Info: ORIGCLIENTADDR is a variable set by our loadbalancer to use for
>> rewriting and logging purposes.)
>
>> NOW, if I repeat step a.) suddenly the virthostlog shows
>> 192.76.172.251 - - [28/Sep/2006:15:40:17 +0200] "GET / HTTP/1.0" 200
>> 16173 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7)
>> Gecko/20060909 Firefox/1.5.0.7"
>> and there is not even a single line in the RewriteLog!
>
>Where exactly is this log coming from?  Because if it was the log on
>your back-end apache server, then it should contain the IP address of
>the loadbalancer and not that of the client.
>
>Perhaps you have modified your logformat to log origclientaddr?
>
>In that case, this could be caused by any number of things.  Are you
>running mod_cache?  Are you sure that the correct virtualhost is being
>matched?  Exactly what document is getting served to this client?  One
>in the local filesystem, or something from the localhost:8080 site?
>
>Joshua.
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
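
Added example, not part of the original thread or of Apache's code: a toy Python model of the request order in Apache 2.2, where mod_cache answers as a quick handler before mod_rewrite evaluates the RewriteCond lines. It assumes steps a and c are requests from the outside address in the posted log line and step b is a request from inside DESY; the inside address 131.169.0.10 and the class and function names are constructed for illustration.

```python
import re

# The two RewriteCond patterns from the posted virtual host, unchanged.
ALLOWED = [re.compile(r"^131\.169\.*"), re.compile(r"^141\.34\.*")]


class FrontEnd:
    """Toy model of the request order: cache quick handler, then mod_rewrite."""

    def __init__(self):
        self.disk_cache = {}   # keyed by URL only, as with "CacheEnable disk /"
        self.rewrite_log = []  # stands in for RewriteLog

    def handle(self, url, origclientaddr):
        # Quick-handler phase: a cached entry is returned right here,
        # before the RewriteCond/RewriteRule lines are ever evaluated.
        if url in self.disk_cache:
            return 200, self.disk_cache[url], "cache"
        # URL-translation phase: the address check from the virtual host.
        allowed = any(p.search(origclientaddr) for p in ALLOWED)
        self.rewrite_log.append((origclientaddr, url, allowed))
        if not allowed:
            # Simplification: the redirect is not stored in the cache.
            return 302, "http://www.desy.de/", "rewrite"
        body = "CMS page for " + url   # constructed stand-in for the proxied CMS
        self.disk_cache[url] = body    # the 200 response is stored for later hits
        return 200, body, "proxy"


def replay():
    """Replay the assumed steps a, b, c; report status, source and log size."""
    fe = FrontEnd()
    steps = [("a", "192.76.172.251"),   # outside address from the posted log line
             ("b", "131.169.0.10"),     # constructed inside address
             ("c", "192.76.172.251")]   # step a repeated
    out = []
    for name, addr in steps:
        status, _, source = fe.handle("/", addr)
        out.append((name, status, source, len(fe.rewrite_log)))
    return out


if __name__ == "__main__":
    for row in replay():
        print(row)
```

In step c the model returns 200 from the cache and the rewrite log does not grow, which matches the reported symptom of a served page with no RewriteLog line. The mod_cache documentation advises against enabling caching for content whose access is limited by client address for this reason.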



