Posted to users@httpd.apache.org by Boyle Owen <Ow...@swx.com> on 2003/11/03 09:51:26 UTC

RE: [users@httpd] how is my apache being an open relay?

>-----Original Message-----
>From: spamsucks@rhoderunner.com [mailto:spamsucks@rhoderunner.com]
>
>I was checking my access_log.  It appears that I am an open relay!  How
>can I prevent this?  How is it happening?
>
>I need to have ModProxy running.  But all my proxy directives are internal
>only.  I don't have anything that could be causing this.
>
>Here are my Proxy directives.
><IfModule mod_proxy.c>
>        ProxyRequests On
>        ProxyPass /roller http://localhost:9081/roller
>        ProxyPassReverse /roller http://www.rhoderunner.com/roller
>
>        ProxyPass /hrawiki http://localhost:9081/hrawiki
>        ProxyPassReverse /hrawiki http://www.rhoderunner.com/hrawiki
></IfModule>

The offending directive is:

>        ProxyRequests On

Bizarrely enough, you don't need to switch "on" ProxyRequests to get
ProxyPass to work! If you only need mod_proxy to handle the ProxyPass
directives, then set "ProxyRequests Off".

To explain: ProxyPass and ProxyPassReverse allow you to map a URL in the
server's filespace onto another server. They use mod_proxy to achieve
this. However, this is a very restricted form of proxying. The
ProxyRequests directive allows a client to make any remote request and
the server will fetch it and return it to the client. Typically, you use
this in a LAN environment where you have one machine connected to the
internet which fetches pages for the other machines on the LAN.

However, if you do this, you must prevent your server from handling
requests from outside your LAN;
http://httpd.apache.org/docs/mod/mod_proxy.html#access tells you how.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 
>
>
>Thanks!
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
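
Added example, not part of the original thread: a small access_log scanner that
separates ordinary ProxyPass traffic (origin-form paths such as /roller) from
the forward-proxy requests that "ProxyRequests On" accepts (absolute URIs for
foreign hosts, and CONNECT). The Common Log Format, the OWN_HOSTS set and the
sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hostnames this server legitimately answers for (assumption: taken from the
# ProxyPass/ProxyPassReverse lines quoted in the thread).
OWN_HOSTS = {"www.rhoderunner.com", "rhoderunner.com", "localhost"}

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) (\S+)')

def classify(line):
    """Return (client, kind, target, served) for a forward-proxy request, else None."""
    m = CLF.match(line)
    if not m:
        return None
    client, request, status, _ = m.groups()
    parts = request.split()
    if len(parts) < 2:
        return None
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":
        kind, host = "connect", target.rsplit(":", 1)[0]
    elif "://" in target:
        kind, host = "absolute-uri", (urlsplit(target).hostname or "")
    else:
        return None  # origin-form request such as /roller: ordinary traffic
    if host.lower() in OWN_HOSTS:
        return None  # an absolute URI naming this server is legal HTTP/1.1
    served = status[0] in "23"  # 2xx/3xx: the server answered instead of refusing
    return client, kind, target, served

# Constructed sample lines (documentation IP ranges and example domains).
SAMPLE_LOG = """\
192.0.2.10 - - [03/Nov/2003:09:12:01 +0100] "GET /roller/page/main HTTP/1.1" 200 5120
198.51.100.7 - - [03/Nov/2003:09:12:05 +0100] "GET http://mail.example.net/ HTTP/1.0" 200 1843
198.51.100.7 - - [03/Nov/2003:09:12:09 +0100] "CONNECT host.example.org:443 HTTP/1.0" 200 -
203.0.113.4 - - [03/Nov/2003:09:13:40 +0100] "GET http://www.rhoderunner.com/hrawiki HTTP/1.1" 200 900
203.0.113.9 - - [03/Nov/2003:09:14:02 +0100] "POST http://ads.example.com/click HTTP/1.0" 403 210
"""

def scan(log_text):
    """Classify every line and keep only the forward-proxy requests."""
    hits = (classify(line) for line in log_text.splitlines())
    return [h for h in hits if h]

if __name__ == "__main__":
    for client, kind, target, served in scan(SAMPLE_LOG):
        print(f"{client:15} {kind:12} {target:32} {'SERVED' if served else 'refused'}")
```

A 2xx/3xx status marks the requests to check first; compare the response size
against your own pages, since the status alone does not prove the reply came
from the remote host.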
