Hello,I set up mod_proxy, mod_proxy_http and mod_proxy_connect on my debian box (apache 2.2.3).
After a couple of hours, I got the first spammer trying to abuse it - the access log showed
... CONNECT ...:25 HTTP/1.0 ... though nothing in the error logs.iftop tells me, however, that no traffic actually leaves the machine on that port, which is what I would expect given that I have turned off proxying globally
<IfModule mod_proxy.c>
ProxyRequests Off
ProxyVia Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
ProxyFtpDirCharset UTF-8
</Proxy>
AllowCONNECT 22
</IfModule>
and allow only CONNECTs to port 22.
I also have a virtual host
<VirtualHost *>
ServerName ...
ProxyRequests On
<Proxy *>
Order deny,allow
Allow from ...
</Proxy>
AllowCONNECT 22
</VirtualHost>
which turns it on, but 1. that would be hard to guess and 2. it still
should only connect to port 22.
Indeed my own tries to use the non-virtual host proxy fail and the virtual hosts ones succeed. So far so good, but now my questions:
1. If the spammer fails to send mail, why does he keep trying? What did actually change from his perspective compared to not loading mod_proxy_connect at all? 2. Can I somehow get the apache logs to tell me whether the spamming succeeds or not? LogLevel debug does not echo a thing more.
I think apache is configured correctly but it's somewhat disturbing to see CONNECT sth:25 in the access log while nothing in the error log.
Thank you for your information, Jens --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|