On 03/10/2011 02:16 PM, Rob De Langhe wrote:
hi,
while going occasionally through the access logs of a 2.2.17 Apache
server, I noticed some URLs of remote locations where my server would
have made a GET for ?!
an example:
194.0.122.134 - - [10/Mar/2011:02:26:55 +0100] "GET
http://www.ebay.com/ HTTP/1.1" 200 240 "-" "Mozilla/4.0 (compatible;
MSIE 4.01; Windows 95)"
So the status code = 200 indicates that the server allowed that URL "http://www.ebay.com"
for the client 194.0.122.134 ...
And a Windows 95 client running IE4. Seriously.
I suspected that proxy functionality (enabled by default for long,
Incorrect. ProxyRequests has never been On by default in any apache
version that supports it.
The documentation clearly states that this is a security risk:
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyrequests
but luckily in this 2.2.17 version it is not enabled by
default in the configs), so I checked the loaded modules :
# /usr/apache2/bin/apachectl -t -D DUMP_MODULES | grep -i prox
#
so none.
Which other module or config setting could have as effect that my
server accepts such requests ?
You need to provide more context - what distro is this ?
Did you install a package or compile it yourself ?
What does the error log say ?
What other modules are loaded ?
--
J.
|
