You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modproxy-dev@apache.org by "Lombardo, Federico" <FL...@grandistazioni.it> on 2003/08/04 10:58:42 UTC

RE: Proxy Forwarding to Port 25 Security Hack?

Please control all the virtual host you've configured for access lists and the proxyvia and proxyrequests variables.

After that, to check if all is working correctly just telnet you're web server on 80 port,  write 
POST http://208.187.218.208:25/

And see with lsof -i -n if your httpd process is forging connection. If so, there are problems in your configuration.

Lombardo Federico, Network Administrator & IT Security Manager 
Grandi Stazioni S.p.A. 
Via G. Giolitti 34 
00189 Roma 
Italy 


-----Original Message-----
From: Dan Lincoln [mailto:dlincoln@storesonline.com] 
Sent: lunedì 28 luglio 2003 20.03
To: 'modproxy-dev@apache.org'

I've got a LOT of the follow entries in my Apache 2.0.45 access logs...

66.216.126.181 - - [28/Jul/2003:17:37:54 -0600] "POST
http://208.187.218.206:25/ HTTP/1.1" 200 877 "-" "-"
66.216.126.181 - - [28/Jul/2003:17:37:55 -0600] "POST
http://208.187.218.208:25/ HTTP/1.1" 200 877 "-" "-"
66.216.126.181 - - [28/Jul/2003:17:37:56 -0600] "POST
http://208.187.218.205:25/ HTTP/1.1" 200 877 "-" "-"
66.216.126.181 - - [28/Jul/2003:17:37:57 -0600] "POST
http://208.187.218.134:25/ HTTP/1.1" 200 6877 "-" "-"
66.216.126.181 - - [28/Jul/2003:17:37:57 -0600] "POST
http://208.187.218.200:25/ HTTP/1.1" 200 877 "-" "-"
203.98.164.136 - - [28/Jul/2003:17:37:58 -0600] "POST
http://208.187.218.207:25/ HTTP/1.1" 502 343 "-" "-"
203.98.164.136 - - [28/Jul/2003:17:37:59 -0600] "POST
http://208.187.218.210:25/ HTTP/1.1" 502 343 "-" "-"

I have mod_proxy.c compilied in but there are no configuration directives..
I've added 
<Proxy *>
        Order Deny,Allow
        Deny from all
</Proxy>

and that blocks access.

Should a default installation of Apache 2 allow forwarding?