httpd-users mailing list archives

From Rob De Langhe <rob.de.lan...@twistfare.be>
Subject [users@httpd] SUMMARY:still hacking proxy-attempts accepted by webserver
Date Thu, 07 Jul 2011 09:36:02 GMT


thx to Eric Covener (the sole replier on my mail), he pointed me in the right direction :


Without any 'proxy' modules loaded, I needed to configure a 'honeypot' virtualhost to catch
any request that doesn't contain one of my hostnames (like "www.mydomain.be"),[1]  and deny
access to them all. 

By placing this extra virtualhost as the first in the config, it becomes the "default" one.


These are the config lines I added : 

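# Listed first in the config, so it is the default virtual host for
# any request whose Host matches none of the real virtual hosts
<VirtualHost *:80>
    ServerName default.only
    # Refuse every request that lands here
    <Location "/">
        Order allow,deny
        Deny from all
    </Location>
</VirtualHost>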

works like a charm. 

Testing is done with a TELNET to my web server's internal IP address, port 80, and entering
the following: 

GET http://www.yahoo.com/  HTTP/1.1
Host: www.yahoo.com

(followed by double newlines)

cheers 

Rob

Quoting Rob De Langhe <rob.de.langhe@twistfare.be>:

> hi,
>
> despite me disabling the "proxy*" modules from my Apache, I see still occasionally some successful hack attempts via my server (code 200) :
>
> 125.46.73.7 - - [30/Jun/2011:11:54:09 +0200] "GET http://www.baidu.com/ HTTP/1.1" 200 240 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)"
>
> The loaded modules in my Apache are :
>
> # /usr/apache2/bin/httpd -M | sort
>  actions_module (shared)
>  alias_module (shared)
>  auth_basic_module (shared)
>  authn_dbm_module (shared)
>  authn_default_module (shared)
>  authn_file_module (shared)
>  authz_dbm_module (shared)
>  authz_default_module (shared)
>  authz_groupfile_module (shared)
>  authz_host_module (shared)
>  authz_user_module (shared)
>  autoindex_module (shared)
>  cgi_module (shared)
>  core_module (static)
>  dbd_module (shared)
>  dir_module (shared)
>  dumpio_module (shared)
>  env_module (shared)
>  expires_module (shared)
>  headers_module (shared)
>  http_module (static)
>  include_module (shared)
>  log_config_module (shared)
>  logio_module (shared)
>  mime_module (shared)
>  mpm_prefork_module (static)
>  negotiation_module (shared)
>  php5_module (shared)
>  setenvif_module (shared)
>  so_module (static)
>  ssl_module (shared)
>  vhost_alias_module (shared)
>
> Can anyone please shed some light on this mystery  ?
>
> thx a lot in advance
> Rob
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.



Links:
------
[1] http://www.mydomain.be


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
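
A log check to go with the manual telnet test described in the message, as an added example that is not part of the original post: it scans Apache access-log lines for proxy-style requests (absolute URI or CONNECT) that name a host other than your own, and reports whether each was answered or denied. `MY_HOSTS` and every sample line except the first, which is the one quoted in the original question, are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the host names this server legitimately serves.
MY_HOSTS = {"www.mydomain.be", "mydomain.be"}

# Common/combined log format: ip ident user [time] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) \S+'
)

# First line is from the original question; the others are constructed samples.
SAMPLE = [
    '125.46.73.7 - - [30/Jun/2011:11:54:09 +0200] "GET http://www.baidu.com/ HTTP/1.1" 200 240 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)"',
    '192.0.2.10 - - [07/Jul/2011:09:30:00 +0200] "GET http://www.yahoo.com/ HTTP/1.1" 403 202 "-" "-"',
    '192.0.2.11 - - [07/Jul/2011:09:31:00 +0200] "GET /index.html HTTP/1.1" 200 1234 "-" "-"',
    '192.0.2.12 - - [07/Jul/2011:09:32:00 +0200] "GET http://www.mydomain.be/ HTTP/1.1" 200 1234 "-" "-"',
    '198.51.100.5 - - [07/Jul/2011:09:33:00 +0200] "CONNECT mail.example.net:25 HTTP/1.0" 405 300 "-" "-"',
]

def foreign_host(method, target):
    """Return the foreign host named in the request line, or None."""
    if method == "CONNECT":              # authority-form: host:port
        host = target.rsplit(":", 1)[0]
    elif "://" in target:                # absolute-form: scheme://host/path
        try:
            host = urlsplit(target).hostname or ""
        except ValueError:               # malformed authority: report it raw
            host = target
    else:                                # origin-form such as /index.html
        return None
    host = host.lower().rstrip(".")
    return None if host in MY_HOSTS else host

def scan(lines):
    """Yield (ip, host, status, verdict) for each proxy-style request."""
    for line in lines:
        m = LOG_RE.match(line)
        host = foreign_host(m["method"], m["target"]) if m else None
        if host is None:
            continue
        status = int(m["status"])
        yield m["ip"], host, status, "ANSWERED" if status < 400 else "DENIED"

if __name__ == "__main__":
    for row in scan(SAMPLE):
        print(*row)
```

Any line reported as ANSWERED after the default virtual host is in place means a request for a foreign host name still reached a virtual host that serves content.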
