logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS Twitter


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: How to fix "HTTP Proxy POST Request Relaying" by
Author
danielc



Joined: 15 Jul 2022
Posts: 3
Location: HK

PostPosted: Fri 15 Jul '22 8:42    Post subject: How to fix "HTTP Proxy POST Request Relaying" by Reply with quote

Hello,

I have a apache server act as proxy using ProxyPass and ProxypassReverse:

ProxyPass /proton/CMS http://192.168.2.14 retry=1 acquire=3000 timeout=600 Keepalive=On
ProxyPass /proton/LMS http://192.168.2.15
ProxyPassReverse /proton/LMS http://192.168.2.15

It is working fine.
But we received our security auditor report saying:

Quote:
HTTP Proxy Arbitrary Site/Port Relaying
The remote proxy, allows everyone to perform requests against arbitrary ports, such as :

'GET http://cvs.nessus.org:110'.

This problem may allow attackers to go through your firewall, by connecting to sensitive ports like 25 (sendmail) using the proxy. In addition to that, it might be used to perform attacks against other networks.


Quote:
HTTP Proxy POST Request Relaying
The proxy allows the users to perform POST requests such as

POST http://cvs.nessus.org:21

without any Content-length tag.

This request may give an attacker the ability to have an interactive session.

This problem may allow attackers to go through your firewall, by connecting to sensitive ports like 23 (telnet) using your proxy, or it can allow internal users to bypass the firewall rules and connect to ports they should not be allowed to.

In addition to that, your proxy may be used to perform attacks against other networks.



However I am not sure how to setup the ACL to prevent the GET,POST request except remote port 80,443, would you please point me out the direction how to limit this? Thanks.

Daniel
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7147
Location: Germany, Next to Hamburg

PostPosted: Sat 16 Jul '22 22:43    Post subject: Reply with quote

Hi Daniel,
the default "ProxyRequests Off" prevents that. Unless you turn it on.
You may also set "ProxyVia Block"

You can also limit the connections to your reverse proxy with Require. Well that works only if you have a fixed range of IPs.

In my opinion is that a false positive. You don't run a forward proxy.
Back to top


Reply to topic   Topic: How to fix "HTTP Proxy POST Request Relaying" by View previous topic :: View next topic
Post new topic   Forum Index -> Apache