Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Open Proxy Problems |
|
| Author |
|
cegha04
Joined: 23 May 2015
Posts: 2
Location: USA, SC
|
 Posted: Sat 23 May '15 23:09 Post subject: Open Proxy Problems |
 |
|
I need some help here. I'm stuck on trying to fix a problem with open proxy on my website. It's running ubuntu & apache2. I also run pfsense for a firewall with snort. I have a SSL for the website, so I have regular port 80 redirect to https.
At first I did notice right away when I checked & saw this happen that proxy was turned on. So I got that turned off.
My firewall is still allowing these bad IPs to port 80. I would like to figure out what I could turn on the firewall or snort to stop those connections in addition to what needs fixing in apache. I've read the solution is to make the redirects go to a 403 error page.
I also tried adding a mod_security rule but ended up blocking all people from website, though I may have accidentally turned some other rules on too.
There are a few different problems it looks like.
First - It looks like they're trying to connect to my HTTPS then redirect to an ad through my domain name?
Second - It looks like they're still trying to use my website for open proxy but directly accessing ib.adnxs.com through my port 80. My logs indicate i'm redirecting to a 301 page.
If I shut off port 80 access on my firewall, it will stop all this bad traffic & I get this message instead in my apache logs. Obviously this is not a solution as people can no longer be redirected to my HTTPS.
| Code: | | www.mydomain.net:80 ::1 - - [23/May/2015:14:51:27 -0400] "OPTIONS * HTTP/1.0" 200 110 "-" "Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.9 OpenSSL/1.0.1f (internal dummy connection)" |
Virtual Host File:
| Code: | NameVirtualHost *:80
ServerName www.mydomain.net
Redirect permanent / https://mydomain.net/
#ProxyRequests off
<Location />
Order allow,deny
Deny from all
</Location> |
|
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7294
Location: Germany, Next to Hamburg
|
| Posted: Tue 26 May '15 18:05 Post subject: |
|
|
Ignore the internal dummy connection. That is apache itself.
You may wanna change
#ProxyRequests off
to
ProxyRequests off |
|
| Back to top |
|
cegha04
Joined: 23 May 2015
Posts: 2
Location: USA, SC
|
| Posted: Wed 27 May '15 3:13 Post subject: |
|
|
I get an error if I don't use a "#" before it.
| Quote: | Invalid command 'ProxyRequests', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information. |
Edit:So I also went back & disabled all other rules for mod_security & only have:
| Code: | | SecRule SERVER_NAME "www\.yourdomain\.com$" "id:'200000',phase:1,nolog,allow,ctl:ruleEngine=off" |
From this link as a solution. The rule didn't seem to do anything to stop the bad traffic.
http://stackoverflow.com/questions/22610798/apache2-flooded-with-get-requests |
|
| Back to top |
|
|
|
|
|
|
