On Fri, 2004-02-06 at 22:52 -0500, Vincent Kargatis wrote: > [attempted post previously, but seems to have been silently swallowed.] > > I have an apache server using mod_proxy that is acting like an open > proxy even though I have ProxyRequests turned Off. > > the conf excerpt: > ProxyRequests Off > RewriteEngine on > RewriteRule ^/$ /index.html > #pass requests for / to /index.html > RewriteRule ^/index.html http://%{HTTP_HOST}:8008/index.html [P]
Here is what I am using: ProxyRequests Off RewriteEngine on ProxyPreserveHost On RewriteRule ^/(.*)$ http://localhost:8008/$1 [P] Without this, you are telling rewrite to proxy to whatever Host: header the client sent, i.e. open-proxy. Instead, you proxy everything over to localhost, but ProxyPreserveHost On tells mod_proxy to send the original Host: header down the pipe. Voila! > The 8008 port is modperl with no proxy configurations in httpd.conf at > all. > > Perhaps I'm missing something simple: I guess I want the reverse of > ProxyBlock - I want to allow a pass only to a specified set of servers, > stopping any external targets. > > I see from > http://www.mail-archive.com/[EMAIL PROTECTED]/msg17546.html > that there seems to be a proposal for what I need, 'AllowHttpProxy', > but that's as yet unimplemented, afaik. > > I need the RewriteRule because I need to pass the (in my case) > intentionally varying HTTP_HOST in the URL (well, at least, that's how > it's currently coded). Given that need, how can I avoid looking like an > open proxy? Is the modperl port acting like a default proxy? > Commenting out that RewriteRule stops the behavior, so port 80 is not > acting like a proxy by itself. Should I add some proxy config in the > modperl conf to deliberately set proxy=off? > > Thanks for any pointers, > vince > > > -- > Reporting bugs: http://perl.apache.org/bugs/ > Mail list info: http://perl.apache.org/maillist/modperl.html > List etiquette: http://perl.apache.org/maillist/email-etiquette.html -- -------------------------------------------------------------------------------- Philippe M. Chiasson /gozer\@(cpan|ectoplasm)\.org/ 88C3A5A5 (122FF51B/C634E37B) http://gozer.ectoplasm.org/ F9BF E0C2 480E 7680 1AE5 3631 CB32 A107 88C3 A5A5 Q: It is impossible to make anything foolproof because fools are so ingenious. perl -e'$$=\${gozer};{$_=unpack(P7,pack(L,$$));/^JAm_pH\n$/&&print||$$++&&redo}'
signature.asc
Description: This is a digitally signed message part
