logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Open Proxy Problems
Author
cegha04



Joined: 23 May 2015
Posts: 2
Location: USA, SC

PostPosted: Sat 23 May '15 23:09    Post subject: Open Proxy Problems Reply with quote

I need some help here. I'm stuck on trying to fix a problem with open proxy on my website. It's running ubuntu & apache2. I also run pfsense for a firewall with snort. I have a SSL for the website, so I have regular port 80 redirect to https.

At first I did notice right away when I checked & saw this happen that proxy was turned on. So I got that turned off.

My firewall is still allowing these bad IPs to port 80. I would like to figure out what I could turn on the firewall or snort to stop those connections in addition to what needs fixing in apache. I've read the solution is to make the redirects go to a 403 error page.

I also tried adding a mod_security rule but ended up blocking all people from website, though I may have accidentally turned some other rules on too.

There are a few different problems it looks like.
First - It looks like they're trying to connect to my HTTPS then redirect to an ad through my domain name?
Second - It looks like they're still trying to use my website for open proxy but directly accessing ib.adnxs.com through my port 80. My logs indicate i'm redirecting to a 301 page.

If I shut off port 80 access on my firewall, it will stop all this bad traffic & I get this message instead in my apache logs. Obviously this is not a solution as people can no longer be redirected to my HTTPS.
Code:
www.mydomain.net:80 ::1 - - [23/May/2015:14:51:27 -0400] "OPTIONS * HTTP/1.0" 200 110 "-" "Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.9 OpenSSL/1.0.1f (internal dummy connection)"



Virtual Host File:
Code:
NameVirtualHost *:80
   ServerName www.mydomain.net
   Redirect permanent / https://mydomain.net/
   #ProxyRequests off
  <Location />
    Order allow,deny
    Deny from all
  </Location>
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Tue 26 May '15 18:05    Post subject: Reply with quote

Ignore the internal dummy connection. That is apache itself.

You may wanna change

#ProxyRequests off

to

ProxyRequests off
Back to top
cegha04



Joined: 23 May 2015
Posts: 2
Location: USA, SC

PostPosted: Wed 27 May '15 3:13    Post subject: Reply with quote

I get an error if I don't use a "#" before it.

Quote:
Invalid command 'ProxyRequests', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.


Edit:So I also went back & disabled all other rules for mod_security & only have:
Code:
SecRule SERVER_NAME "www\.yourdomain\.com$"  "id:'200000',phase:1,nolog,allow,ctl:ruleEngine=off"


From this link as a solution. The rule didn't seem to do anything to stop the bad traffic.

http://stackoverflow.com/questions/22610798/apache2-flooded-with-get-requests
Back to top


Reply to topic   Topic: Open Proxy Problems View previous topic :: View next topic
Post new topic   Forum Index -> Apache