FYI...
I found a scumbag using my web server to hide behind while [s]he accessed
other servers.
Mandrake: your server is also configured to allow these passthrough
requests!
To test your server, issue these commands:
telnet <server> 80
GET http://<some_other_server> HTTP/1.0
If you get the output from <some_other_server>, <server> is allowing
passthrough (proxy) connections.
HTH,
Pierre
Begin forwarded message:
Date: Sun, 10 Mar 2002 12:26:17 -0800
From: Ian Holsman <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: 1.3.x allows passthrough
Hi Pierre
try disabling your proxy
look for a line like
LoadModule proxy_module modules/....
and comment it out by placing a '#' in front of it
also
turn 'ProxyRequests' to OFF
(this is around line 988 on my config file)
> -----Original Message-----
> From: Pierre Fortin [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, March 10, 2002 7:55 AM
> To: [EMAIL PROTECTED]
> Subject: 1.3.x allows passthrough
>
>
> [Also reported to CERT since they have the same exposure; see below]
>
> I was monitoring my DSL link when I noticed some strange HTTP requests to
> my web site... someone was using my server to hide behind by formatting
> requests like this:
>
> GET http://somesite.domain/page HTTP/1.0
>
> which caused my 1.3.20 to acquire and serve the requested remote page. To
> see if I was alone, I tried this on www.apache.org (2.0.32) which rejects
> this type of request, though I'm not sure if it is by design.
>
> I also tried such a query to www.cert.org and it *did* serve up a remote
> page.
>
> Hopefully there is at least a workaround...
>
> Pierre Fortin
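
A check for the two settings named in the reply above, as an added example that is not part of the original thread or of Apache's own tooling: it scans the text of an httpd.conf for an active LoadModule proxy_module line and the ProxyRequests value. It assumes the proxy module is loaded dynamically rather than compiled in; the verdict strings, the sample configs and the EXAMPLE_PATH placeholder are made up for illustration.

```python
import re

# Directives named in the reply above; Apache treats directive names
# case-insensitively, so the patterns do too.
LOAD_RE = re.compile(r"^\s*LoadModule\s+proxy_module\b", re.I)
PROXYREQ_RE = re.compile(r"^\s*ProxyRequests\s+(on|off)\b", re.I)


def audit_proxy_config(text):
    """Return (verdict, findings); findings are (line_no, line) of active directives."""
    module_loaded = requests_on = False
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented out, i.e. the fix suggested in the reply
        if LOAD_RE.match(line):
            module_loaded = True
            findings.append((number, line.strip()))
        match = PROXYREQ_RE.match(line)
        if match:
            # Simplification: an active "On" anywhere (main server or a
            # <VirtualHost> block) is treated as forwarding enabled.
            requests_on = requests_on or match.group(1).lower() == "on"
            findings.append((number, line.strip()))
    if module_loaded and requests_on:
        return "open-forward-proxy", findings
    if module_loaded:
        return "module-loaded-forwarding-off", findings
    return "proxy-module-not-loaded", findings


# Constructed sample configs; the module path is a placeholder.
BEFORE = "LoadModule proxy_module modules/EXAMPLE_PATH\nProxyRequests On\n"
PARTIAL = "LoadModule proxy_module modules/EXAMPLE_PATH\n  proxyrequests off\n"
AFTER = "#LoadModule proxy_module modules/EXAMPLE_PATH\nProxyRequests Off\n"

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("partial", PARTIAL), ("after", AFTER)):
        print(name, *audit_proxy_config(conf))
```

A clean result here only describes the file that was scanned; the telnet test at the top of the thread is still the way to confirm what the running server does.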