FYI... I found a scumbag using my web server to hide behind while [s]he accessed other servers.
Mandrake: your server is also configured to allow these passthrough requests!

To test your server, issue these commands:

  telnet <server> 80
  GET http://<some_other_server> HTTP/1.0

If you get the output from <some_other_server>, <server> is allowing passthrough (proxy) connections.

HTH,
Pierre

Begin forwarded message:

Date: Sun, 10 Mar 2002 12:26:17 -0800
From: Ian Holsman <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: 1.3.x allows passthrough

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Pierre
try disabling your proxy
look for a line like
LoadModule proxy_module modules/....
and comment it out by placing a '#' in front of it
also turn 'ProxyRequests' to OFF (this is around line 988 on my config file)

> -----Original Message-----
> From: Pierre Fortin [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, March 10, 2002 7:55 AM
> To: [EMAIL PROTECTED]
> Subject: 1.3.x allows passthrough
>
>
> [Also reported to CERT since they have the same exposure; see below]
>
> I was monitoring my DSL link when I noticed some strange HTTP requests to
> my web site... someone was using my server to hide behind by formatting
> requests like this:
>
> GET http://somesite.domain/page HTTP/1.0
>
> which caused my 1.3.20 to acquire and serve the requested remote page. To
> see if I was alone, I tried this on www.apache.org (2.0.32) which rejects
> this type of request, though I'm not sure if it is by design.
>
> I also tried such a query to www.cert.org and it *did* serve up a remote
> page.
>
> Hopefully there is at least a workaround...
>
> Pierre Fortin
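The telnet check above, scripted, as an added example that is not part of the original posting. It sends the same absolute-URI request line the intruder used and decides from the reply whether the server relayed a third party's page (open proxy), answered with its own page, or refused. To make it runnable offline, it also includes two small local demo servers that emulate an Apache 1.3 with `ProxyRequests On` and one with it `Off`; the `REMOTE-ORIGIN` marker, the `somesite.domain` URL and the demo servers' behaviour are constructed for this example. Against a real server, point the probe at a page you control and use a string unique to that page as the marker.

```python
"""Probe a web server for "passthrough" (open proxy) behaviour: send an
absolute-URI request line and see whether the server relays content from a
third party instead of serving its own page. Added example, not code from
the original posting; demo servers and marker are constructed stand-ins."""
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed marker: text only the *remote* target's page would contain.
REMOTE_MARKER = b"REMOTE-ORIGIN"


def build_probe(target_url, via_host):
    """The intruder's request: an absolute URI on the request line, exactly
    what the thread says to type after `telnet <server> 80`."""
    return (f"GET {target_url} HTTP/1.0\r\n"
            f"Host: {via_host}\r\n"
            "Connection: close\r\n"
            "\r\n").encode()


def classify(raw_response, marker=REMOTE_MARKER):
    """Interpret the raw HTTP response to the probe."""
    head, _, body = raw_response.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].split()
    code = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    if code == 200 and marker in body:
        return "open-proxy"      # third-party content came back via this host
    if code == 200:
        return "served-locally"  # absolute URI ignored; server answered for itself
    if 400 <= code < 500:
        return "refused"         # e.g. 403 from a server that is not a proxy
    return f"inconclusive({code})"


def probe(host, port, target_url, marker=REMOTE_MARKER, timeout=5.0):
    """Connect, send the probe, read until the server closes, classify."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_probe(target_url, f"{host}:{port}"))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return classify(b"".join(chunks), marker)


def make_handler(proxy_requests_on):
    """Demo server mimicking Apache 1.3 with ProxyRequests On or Off."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if proxy_requests_on and self.path.startswith("http://"):
                # ProxyRequests On: "fetch" the remote page and relay it
                # (constructed stand-in for the real upstream fetch).
                body = REMOTE_MARKER + b" page for " + self.path.encode()
            else:
                # ProxyRequests Off: serve only our own content.
                body = b"LOCAL-ORIGIN page"
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # keep the demo quiet
            pass
    return Handler


def start_demo_server(proxy_requests_on):
    server = HTTPServer(("127.0.0.1", 0), make_handler(proxy_requests_on))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def run_demo():
    """Probe a leaky and a fixed demo server; return both verdicts."""
    results = []
    for leaky in (True, False):
        server = start_demo_server(leaky)
        try:
            host, port = server.server_address
            results.append(probe(host, port, "http://somesite.domain/page"))
        finally:
            server.shutdown()
            server.server_close()
    return tuple(results)


if __name__ == "__main__":
    print(run_demo())  # ('open-proxy', 'served-locally')
```

A 200 without the marker does not by itself prove the server is safe: a server may legitimately accept the absolute-URI form and serve its own page for it, which is why the check compares the body against content known to live only on the other host rather than looking at the status code alone.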