[wellylug] From a friend

Ewen McNeill wellylug at ewen.mcneill.gen.nz
Tue Sep 2 22:53:27 NZST 2003


In message <fgs8lvoq2tvbq742bcpurhfpp12kmkqo71 at 4ax.com>, Enkidu writes:
>On 02 Sep 2003 22:25:38 +1200, Stephen Judd wrote:
>>> [Apache proxy requests => open relay]
>>
>>So let that be a warning to you all.
>>
>BTW, it can happen in Apache 1.3.x too. You can switch it on for
>particular sites if you really need it, in the stanza for the site.

To be precise what you do if you want to forward particular sites
inwards is proxy those urls, using ProxyPass or ProxyPassReverse.  

ProxyRequests is NOT needed for this to work -- the documentation (at
least in the 1.2.x/1.3.x days) isn't very clear on this point. (Ie,
it's _not_ like the rewrite engine which you have to explicitly turn on.)

Another reason to "be the attacker" when you're checking your system
setup.  Try things that they might try.  Check -- from the outside -- 
your system doesn't allow mail relaying, and that it doesn't act as a
proxy to the world for everything on the 'net.

Ewen



More information about the wellylug mailing list