You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jason Martens <jm...@cityofevanston.org> on 2005/11/28 19:50:40 UTC
[users@httpd] Is my server an open proxy?
I've been seeing some entries like this in my access.log:
0.0.0.0 - - [06/Nov/2005:15:36:27 -0600] "GET http://www.example.com/
HTTP/1.1" 200 23660 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1)"
It looks like someone is using my server to access other sites. Is that
what I'm seeing? How can I test if my server is vulnerable to this? I
have "ProxyRequests Off" set. Is there anything else that I need to
check?
Thanks,
Jason Martens
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Is my server an open proxy?
Posted by Joshua Slive <js...@gmail.com>.
On 11/28/05, Jason Martens <jm...@cityofevanston.org> wrote:
> I've been seeing some entries like this in my access.log:
> 0.0.0.0 - - [06/Nov/2005:15:36:27 -0600] "GET http://www.example.com/
> HTTP/1.1" 200 23660 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
> 5.1)"
>
> It looks like someone is using my server to access other sites. Is that
> what I'm seeing? How can I test if my server is vulnerable to this? I
> have "ProxyRequests Off" set. Is there anything else that I need to
> check?
See:
http://httpd.apache.org/docs/1.3/misc/FAQ.html#proxyscan
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org