[wellylug] From a friend
Enkidu
enkidu at cliffp.com
Tue Sep 2 22:36:46 NZST 2003
On 02 Sep 2003 22:25:38 +1200, you wrote:
>Name changed to protect the guilty...
>
>> Oh, and I got back to find that the reverse proxy which we cunningly
>> installed at work a few months ago as a central web/logging server
>> with
>> Debian and Apache 2.0/mod_proxy has had a misconfiguration since day
>> one and
>> was actually an open proxy.
>>
>> I thought I tested that this wasn't possible but I must have made a
>> mistake
>> somewhere as we were getting absolutely hammered since about Saturday
>> when
>> our IP got published to a range of Russian and Japanese open proxy
>> lists.
>> Our logfiles for the default site usually run about 2 Mb a week - last
>> week
>> was a shade over 210 and the first 12 hours of Monday were up to 45
>> before I
>> figured out what was going on and canned it.
>>
>> Oops. Bugger.
>>
>> So if you're using Deb and Apache 2.0 anywhere, check deep in it's
>> little
>> maze of twisty conf.d's, all alike, and you might just find that
>> ProxyRequests is set to On instead of Off as it's supposed to be by
>> default.
>>
>> Ah well. It's all a learning experience, isn't it :-\
>
>So let that be a warning to you all.
>
BTW, it can happen in Apache 1.3.x too. You can switch it on for
particular sites if you really need it, in the stanza for the site.
Cheers,
Cliff
--
The complete lack of evidence is the surest sign
that the conspiracy is working.
More information about the wellylug
mailing list