You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Dave Lowenstein <dl...@mail.sdsu.edu> on 2002/09/11 19:28:45 UTC

[users@httpd] Help with ProxyPass needed

I'd like to allow people to access documents on a server which is behind a
firewall from my webserver. The other server allows access from my
webserver on port 80, but doesn't allow access from anyone else.

I set up the following on a test server:

<IfModule mod_proxy.c>
    ProxyRequests Off
    ProxyPass /proxy http://my.server.com/
</IfModule>

I'm able to type in other.server.com/proxy/document_on_my.server.pdf

and get the document. I'm also able, however, to select my webserver as a
proxy server in browser preferences, and bring up cnn.com using my
webserver as the proxy.  It's a very screwed-up looking cnn.com (not all
the images load, the text is in large clumsy looking fonts) but
nevertheless the page comes up.

Can this be exploited? Is there a way to set it up so that I can proxy
through to these docs on the other server but not allow people to use my
server as a proxy server? I can't set up allow/deny lists because the
general public needs to be able to download these documents from my
webserver.

I thought that reverse proxying would keep people from using my server as
a proxy while allowing the docs to come over, but it didn't seem to
work. I did the exact same config as above but with "ProxyPassReverse"

Any help would be appreciated

Thanks,

Dave


Dave Lowenstein
Programmer/Analyst
Instructional Technology Services
San Diego State University
(619)594-0270
http://www-rohan.sdsu.edu/dept/its



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Help with ProxyPass needed

Posted by Joshua Slive <jo...@slive.ca>.

Dave Lowenstein wrote:
> 
> <IfModule mod_proxy.c>
>     ProxyRequests Off
>     ProxyPass /proxy http://my.server.com/
> </IfModule>
> 
> I'm able to type in other.server.com/proxy/document_on_my.server.pdf
> 
> and get the document. I'm also able, however, to select my webserver as a
> proxy server in browser preferences, and bring up cnn.com using my
> webserver as the proxy.  It's a very screwed-up looking cnn.com (not all
> the images load, the text is in large clumsy looking fonts) but
> nevertheless the page comes up.

Have you tried this from other computers?  Are you sure it is not a 
client-wierdness?  Have you searched through httpd.conf for any other 
instances of the ProxyRequests directive?  What does the access_log and 
error_log entries for the relevant requests look like?

Joshua



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org