Java Mailing List Archive

http://www.apache-httpd.com/


[users@httpd] ProxyRequests Off - not working and httpd being abused as forward proxy

Federico del Vall

2010-07-29

Hi.
I am working on a reverse proxy, which is based on a prior project holding the same configuration running over Apache 2.0.40, RedHat 9.
This old project has been working smoothly for years, with no security concerns whatsoever.
The new project is based on CentOS 5.5, Apache 2.2.3. To my surprise, hackers, or should I say opportunistic users, are using the facility much as an open proxy.
I am aware of the need for the "ProxyRequests Off" sentence as a condition for closing the forward proxy service while keeping the reverse mode functional.
We are currently using iptables to block httpd responses to the irregular traffic, but that in turn leaves our server without local access to the Internet, such as for updates.
The configuration in use is shown.
True domain and IP are masked for our privacy.
Partial log follows.
Any advice shall be truly appreciated.

Friedrick

80.254.162.185 - - [28/May/2010:00:49:27 -0300] "GET http://ya.ru/ HTTP/1.1" 200 8932 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
78.153.208.248 - - [28/May/2010:01:45:10 -0300] "GET http://www.yahoo.com/ HTTP/1.1" 200 8932 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"


ServerName z.zonline.org

<VirtualHost 200.200.200.200:80>
        ServerName z.zonline.org
        ProxyRequests Off
        ProxyPass /                     http://192.168.200.2:8080/
        ProxyPassReverse /              http://192.168.200.2:8080/
        RewriteEngine   On
        RewriteCond     %{SERVER_PORT} ^80$
        RewriteRule     ^/login(.*)$ https://z.zonline.org.ar/login$1 [L,R]
        RewriteRule     ^/tarjeta(.*)$ https://z.zonline.org.ar/card$1 [L,R]
        RewriteLog      "/var/log/httpd/rewrite_z_log"
        CustomLog logs/http-z access combined
        ErrorLog  logs/http-z.errors
</VirtualHost>
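
Added example, not part of the original post: a small access-log triage script that picks out proxy-style requests (absolute-URI or CONNECT targets naming a host the server does not own) and checks whether different foreign hosts were answered with the same byte count. The function names are hypothetical, OWN_HOSTS is assumed from the host names in the posted config, and the last two sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Hosts this reverse proxy legitimately serves (names from the posted config).
OWN_HOSTS = {"z.zonline.org", "z.zonline.org.ar"}
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')
UA = '"-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"'
# First two entries are the post's log lines; the last two are constructed.
SAMPLE = [
    '80.254.162.185 - - [28/May/2010:00:49:27 -0300] "GET http://ya.ru/ HTTP/1.1" 200 8932 ' + UA,
    '78.153.208.248 - - [28/May/2010:01:45:10 -0300] "GET http://www.yahoo.com/ HTTP/1.1" 200 8932 ' + UA,
    '192.0.2.10 - - [28/May/2010:02:00:00 -0300] "GET /login HTTP/1.1" 302 210 "-" "-"',
    '192.0.2.11 - - [28/May/2010:02:05:00 -0300] "CONNECT mail.example.net:25 HTTP/1.0" 405 300 "-" "-"',
]

def foreign_target(method, target):
    """Return the foreign host named by a proxy-style request line, else None."""
    if method == "CONNECT":                  # authority-form: host:port
        host = target.rsplit(":", 1)[0]
    elif "://" in target:                    # absolute-URI request line
        host = urlsplit(target).hostname or ""
    else:
        return None                          # ordinary origin-form request
    host = host.lower()
    return None if host in OWN_HOSTS else host

def scan(lines):
    """Return (hits, sizes): proxy-style requests, and hosts grouped by 2xx body size."""
    hits, sizes = [], defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        host = foreign_target(m["method"], m["target"]) if m else None
        if host is None:
            continue
        status = int(m["status"])
        hits.append((m["ip"], host, status, m["size"]))
        if 200 <= status < 300:
            sizes[m["size"]].add(host)
    return hits, sizes

def same_body_for_different_hosts(sizes):
    """True when distinct foreign hosts were answered with identical byte counts."""
    return any(len(hosts) > 1 for hosts in sizes.values())
```

On the two log lines in the post, both foreign hosts received 200 with 8932 bytes. Identical sizes for different sites are consistent with the server returning the same content each time rather than relaying the remote pages, which can be confirmed by comparing against the size of the site's own front page.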

©2008 apache-httpd.com - Jax Systems, LLC, U.S.A.