Re: Apache log


Subject: Re: Apache log
From: Justin Dieters (enderak@gci.net)
Date: Sat Jan 03 2004 - 10:52:09 AKST


Yes, you have "ProxyRequests On" somewhere in your httpd.conf file.
Take this section(s) out and restart Apache. For instance, if you are
using 'ProxyPass' to forward requests to another server through Apache,
you do not need 'ProxyRequests On". (ProxyPass is okay, it's
ProxyRequests that causes the problem)

Mine was set up like this, and it causes all sorts of problems, from
wasted bandwidth to creating an open relay for spam, if you have
sendmail (or possibly other mail servers). This happened to me, and GCI
turned off my cable modem until I fixed it.

If you are meaning to use "ProxyRequests On", then you have it
configured wrong, and you need to lock it down to only the IP's you want
accessing it (i.e. your internal network) although if you don't
absolutely need it, I would recommend not using it.

Check out the list archives at
http://www.lib.uaa.alaska.edu/aklug/archive/2003-11/ between 11/13/03
and 11/18/03 under the threads "What's wrong with my sendmail?", "Found
problem?", and "Blacklisted ..." for more information about what I had
to go through when I had the exact same problem.

After you fix your problem, you can check with
http://www.mob.net/~ted/tools/rbl.php3 to see if you are on any open
relay lists. If you are on any lists, make sure you have the problem
fixed, and follow the various lists' instructions for removal - some
have a process to go through, others will remove you after a few days or
a week, and at least one (xbl.selwerd.cx) will never remove you.

Once you fix it, you'll still get requests, but they should get 403 or
404 errors instead, and the requests should start to diminish in a few
weeks. I still get some, after 6 weeks, but nowhere near what I used to
get (100-400 megabytes/day worth - that adds up quick on a cable modem)

If you have problems from just a few IP's you can add them to
iptables/ipchains to drop their packets, but in my case, there were too
many IP's the requests were coming from.

Hope this helps, and good luck!
Justin Dieters

Wesley Brown wrote:
> In my apache log I get some entries that seem to request another web page through my server. Like I am a proxy server.
>
> Here is the latest entry:
>
> 64.222.176.13 - - [02/Jan/2004:14:16:23 -0500] "GET http://www.yahoo.com/ HTTP/1.1" 200 4553
>
> I assume because of the 200 after the request that the attempt was successful. I have read a little about this problem but I don't understand how to fix it. Does anyone know what I am talking about? The fix seems simple I just don't know where to do it at.
>
> Wesley Brown
> The Greyhat Corporation
> www.greyhatcorp.com
>
>
>
> ---------------------------------
> Do you Yahoo!?
> Find out what made the Top Yahoo! Searches of 2003
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
>

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.



This archive was generated by hypermail 2a23 : Sat Jan 03 2004 - 10:55:05 AKST