You are viewing a plain text version of this content. The canonical link for it is here.

Posted to wiki-changes@httpd.apache.org by Apache Wiki <wi...@apache.org> on 2008/01/20 22:39:07 UTC

[Httpd Wiki] Trivial Update of "ProxyAbuse" by ChrisPepper

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The following page has been changed by ChrisPepper:
http://wiki.apache.org/httpd/ProxyAbuse

The comment on the change is:
Couple typos.

------------------------------------------------------------------------------
  63.251.56.142 - - [25/Jul/2002:12:48:04 -0700] "GET http://www.yahoo.com/ HTTP/1.0" 200 1456 
  }}}
  
- This is usually the result of malicious clients trying to exploit open proxy servers to access a website without revealing their true location. They could be doing this to manipulate pay-per-click add systems, to add comment or link-spam to someone else's site, or just to do something nasty without being detected.
+ This is usually the result of malicious clients trying to exploit open proxy servers to access a website without revealing their true location. They could be doing this to manipulate pay-per-click ad systems, to add comment or link-spam to someone else's site, or just to do something nasty without being detected.
  
  It is important to prevent your server from being used as an open proxy to abuse other sites.
  
@@ -49, +49 @@

  63.251.56.142 - - [25/Jul/2002:12:48:04 -0700] "CONNECT smtp.example.com:25 HTTP/1.0" 200 1456 
  }}}
  
- The {{{CONNECT}}} method is usually used to tunnel SSL requests through proxys. But in this case, the port 25 on the target shows us that someone is attempting to use our HTTP proxy to send mail (probably spam) to a foreign site.
+ The {{{CONNECT}}} method is usually used to tunnel SSL requests through proxies. But in this case, the port 25 on the target shows us that someone is attempting to use our HTTP proxy to send mail (probably spam) to a foreign site.
  
  Everything mentioned above applies equally to this case. But normally, as long as the proxy is disabled, Apache would respond to such requests with status code {{{405 (Method not allowed)}}}. The fact that a success status code is returned indicates that a third-party module is processing the {{{CONNECT}}} requests. The most likely culprit is php, which in its default configuration will accept all methods and treat them identically.