You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Vincent Kargatis <ka...@kargatron.net> on 2004/02/07 04:52:54 UTC
open proxy behavior without obvious open-proxy config
[attempted post previously, but seems to have been silently swallowed.]
I have an apache server using mod_proxy that is acting like an open
proxy even though I have ProxyRequests turned Off.
the conf excerpt:
ProxyRequests Off
RewriteEngine on
RewriteRule ^/$ /index.html
#pass requests for / to /index.html
RewriteRule ^/index.html http://%{HTTP_HOST}:8008/index.html [P]
The 8008 port is modperl with no proxy configurations in httpd.conf at
all.
Perhaps I'm missing something simple: I guess I want the reverse of
ProxyBlock - I want to allow a pass only to a specified set of servers,
stopping any external targets.
I see from
http://www.mail-archive.com/dev@httpd.apache.org/msg17546.html
that there seems to be a proposal for what I need, 'AllowHttpProxy',
but that's as yet unimplemented, afaik.
I need the RewriteRule because I need to pass the (in my case)
intentionally varying HTTP_HOST in the URL (well, at least, that's how
it's currently coded). Given that need, how can I avoid looking like an
open proxy? Is the modperl port acting like a default proxy?
Commenting out that RewriteRule stops the behavior, so port 80 is not
acting like a proxy by itself. Should I add some proxy config in the
modperl conf to deliberately set proxy=off?
Thanks for any pointers,
vince
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
Re: open proxy behavior without obvious open-proxy config
Posted by "Philippe M. Chiasson" <go...@cpan.org>.
On Fri, 2004-02-06 at 22:52 -0500, Vincent Kargatis wrote:
> [attempted post previously, but seems to have been silently swallowed.]
>
> I have an apache server using mod_proxy that is acting like an open
> proxy even though I have ProxyRequests turned Off.
>
> the conf excerpt:
> ProxyRequests Off
> RewriteEngine on
> RewriteRule ^/$ /index.html
> #pass requests for / to /index.html
> RewriteRule ^/index.html http://%{HTTP_HOST}:8008/index.html [P]
Here is what I am using:
ProxyRequests Off
RewriteEngine on
ProxyPreserveHost On
RewriteRule ^/(.*)$ http://localhost:8008/$1 [P]
Without this, you are telling rewrite to proxy to whatever Host: header
the client sent, i.e. open-proxy.
Instead, you proxy everything over to localhost, but ProxyPreserveHost
On tells mod_proxy to send the original Host: header down the pipe.
Voila!
> The 8008 port is modperl with no proxy configurations in httpd.conf at
> all.
>
> Perhaps I'm missing something simple: I guess I want the reverse of
> ProxyBlock - I want to allow a pass only to a specified set of servers,
> stopping any external targets.
>
> I see from
> http://www.mail-archive.com/dev@httpd.apache.org/msg17546.html
> that there seems to be a proposal for what I need, 'AllowHttpProxy',
> but that's as yet unimplemented, afaik.
>
> I need the RewriteRule because I need to pass the (in my case)
> intentionally varying HTTP_HOST in the URL (well, at least, that's how
> it's currently coded). Given that need, how can I avoid looking like an
> open proxy? Is the modperl port acting like a default proxy?
> Commenting out that RewriteRule stops the behavior, so port 80 is not
> acting like a proxy by itself. Should I add some proxy config in the
> modperl conf to deliberately set proxy=off?
>
> Thanks for any pointers,
> vince
>
>
> --
> Reporting bugs: http://perl.apache.org/bugs/
> Mail list info: http://perl.apache.org/maillist/modperl.html
> List etiquette: http://perl.apache.org/maillist/email-etiquette.html
--
--------------------------------------------------------------------------------
Philippe M. Chiasson /gozer\@(cpan|ectoplasm)\.org/ 88C3A5A5 (122FF51B/C634E37B)
http://gozer.ectoplasm.org/ F9BF E0C2 480E 7680 1AE5 3631 CB32 A107 88C3 A5A5
Q: It is impossible to make anything foolproof because fools are so ingenious.
perl -e'$$=\${gozer};{$_=unpack(P7,pack(L,$$));/^JAm_pH\n$/&&print||$$++&&redo}'
Re: open proxy behavior without obvious open-proxy config
Posted by Vincent Kargatis <ka...@kargatron.net>.
From: "Ged Haywood" <ge...@www2.jubileegroup.co.uk>
> On Fri, 6 Feb 2004, Vincent Kargatis wrote:
>
> > I have an apache server using mod_proxy that is acting like an open
> > proxy even though I have ProxyRequests turned Off.
> > [sinp]
> > Perhaps I'm missing something simple:
>
> How about this?
>
> http://httpd.apache.org/docs/mod/mod_proxy.html#access
I don't want to control access, I want to control destination. I need
anyone to have access (I can't know the origin of legitimate users);
instead I need to restrict outward-bound requests. ProxyPass is (afaik,
for the current setup) insufficient because I need to rewrite the URL.
Can I somehow combine ProxyPass with the RewriteRule?
v
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
Re: open proxy behavior without obvious open-proxy config
Posted by Ged Haywood <ge...@www2.jubileegroup.co.uk>.
Hi there,
On Fri, 6 Feb 2004, Vincent Kargatis wrote:
> I have an apache server using mod_proxy that is acting like an open
> proxy even though I have ProxyRequests turned Off.
> [sinp]
> Perhaps I'm missing something simple:
How about this?
http://httpd.apache.org/docs/mod/mod_proxy.html#access
73,
Ged.
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html