You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Rob De Langhe <ro...@twistfare.be> on 2011/07/07 11:36:02 UTC
[users@httpd] SUMMARY:still hacking proxy-attempts accepted by webserver
thx to Eric Covener (the sole replier on my mail), he pointed me in the right direction :
Without any 'proxy' modules loaded, I needed to configure a 'honeypot' virtualhost to catch any request that doesn't contain one of my hostnames (like "www.mydomain.be"),[1] and deny access to them all.
By placing this extra virtualhost as the first in the config, it becomes the "default" one.
These are the config lines I added :
<VirtualHost *:80>
ServerName default.only
<Location "/">
order allow,deny
Deny from all
</Location>
</VirtualHost>
works like a charm.
Testing is done with a TELNET to my web server's internal IP address, port 80, and entering the following:
GET http://www.yahoo.com/ HTTP/1.1
Host: www.yahoo.com
(followed by double newlines)
cheers
Rob
Citeren Rob De Langhe <ro...@twistfare.be>:
> hi,
>
> despite me disabling the "proxy*" modules from my Apache, I see still occasionally some succesfull hack attempts via my server (code 200) :
>
> 125.46.73.7 - - [30/Jun/2011:11:54:09 +0200] "GET http://www.baidu.com/ HTTP/1.1" 200 240 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)"
>
> The loaded modules in my Apache are :
>
> # /usr/apache2/bin/httpd -M | sort
> actions_module (shared)
> alias_module (shared)
> auth_basic_module (shared)
> authn_dbm_module (shared)
> authn_default_module (shared)
> authn_file_module (shared)
> authz_dbm_module (shared)
> authz_default_module (shared)
> authz_groupfile_module (shared)
> authz_host_module (shared)
> authz_user_module (shared)
> autoindex_module (shared)
> cgi_module (shared)
> core_module (static)
> dbd_module (shared)
> dir_module (shared)
> dumpio_module (shared)
> env_module (shared)
> expires_module (shared)
> headers_module (shared)
> http_module (static)
> include_module (shared)
> log_config_module (shared)
> logio_module (shared)
> mime_module (shared)
> mpm_prefork_module (static)
> negotiation_module (shared)
> php5_module (shared)
> setenvif_module (shared)
> so_module (static)
> ssl_module (shared)
> vhost_alias_module (shared)
>
> Can anyone please shed some light on this mystery ?
>
> thx a lot in advance
> Rob
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
Links:
------
[1] http://www.mydomain.be
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.