I have a little workaround for this problem:
I found out that you're using mod_proxy to proxy an OWA connection, so a
better configuration is first of all to use an SSL-only connection; you are using
basic auth, aren't you?

After that, use this configuration in ssl.conf

<VirtualHost ip:443>

    SSLEngine on
    SSLProxyEngine on
    SSLProtocol +all
    SSLCipherSuite HIGH:MEDIUM

    SSLCertificateFile /apache/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /apache/conf/ssl.key/server.key

    <Files ~ "\.(cgi|shtml|phtml)$">
        SSLOptions +StdEnvVars
    </Files>

    ServerAdmin address
    ServerName name:443

    <Location "/exchange">
        ProxyPass https://servername/exchange
        ProxyPassReverse https://servername/exchange
    </Location>

    <Location "/exchweb">
        ProxyPass https://servername/exchweb
        ProxyPassReverse https://servername/exchweb
    </Location>

    <Location "/public">
        ProxyPass https://servername/public
        ProxyPassReverse https://servername/public
    </Location>

    ErrorLog logs/owa_ssl_error
    CustomLog logs/owa_ssl_acces common
    CustomLog logs/ssl_owa_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    # mod_security Configuration

    SecFilterEngine On
    # SecAuditEngine On
    # SecAuditLog logs/audit_log
    # SecFilterScanPOST On
    SecFilterDefaultAction deny,log,status:409

    # Filters
    SecFilter "\.\./"
    SecFilter "<( |\n)*script"
    SecFilter "<(.|\n)+>"
    SecFilter "root.exe*"
    SecFilter "cmd.exe*"
    SecFilter "default.ida*"
    SecFilter "delete( |\n)+from"
    SecFilter "insert( |\n)+into"
    SecFilter "select( |\n)+from"

</VirtualHost>

As you can see, I'm also using mod_security to enhance protection.
Remember to DISABLE ProxyVia and ProxyRequests! (just don't insert the variables)

This might work.

Any feedback will be appreciated.


Federico

Lombardo Federico, Network Administrator & IT Security Manager 
Tel. +396.47841.362  
Grandi Stazioni S.p.A. 
Via G. Giolitti 34 
00189 Roma 
Italy 


-----Original Message-----
From: Fabiano Felix [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 31 July 2003 16.38
To: [EMAIL PROTECTED]

Hello All,

I'm having problems with "Open HTTP Proxy" relay. Some spammers are
using my proxy to send messages through other mail servers (my proxy is
"trusted" by these mail servers). After tests, I concluded that the
method used for this is a connection by "http-post" (tested with
pxytest.pl (http://www.unicom.com/sw/pxytest)). If I block "http-post",
my proxy will probably not function. Has anyone had this problem? How can
I solve it?
My proxy configuration (it's an Apache2):
"
<VirtualHost 10.1.144.3:80>
        ServerName msexchange.xxxxxxx.com.br
        UseCanonicalName On
        ProxyVia On
        ProxyRequests On
        ProxyPass / http://10.2.144.4/
        ProxyPassReverse / http://10.2.144.4/
        ProxyPreserveHost On
        ProxyPass /exchange/ http://10.2.144.4/exchange/
        ProxyPassReverse /exchange/ http://10.2.144.4/exchange/
        ProxyPass /exchweb/ http://10.2.144.4/exchweb/
        ProxyPassReverse /exchweb/ http://10.2.144.4/exchweb/
</VirtualHost>
"

Regards,

Fabiano Felix
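
Added example, not part of either message: a small audit that scans Apache configuration text for the two directives the reply says to leave out, run against an excerpt of the vhost posted in the original message. The REVERSE_ONLY sample, the `audit` function and its finding texts are constructed for illustration.

```python
import re

# Excerpt of the vhost posted in the original message.
POSTED = """\
<VirtualHost 10.1.144.3:80>
    ServerName msexchange.xxxxxxx.com.br
    ProxyVia On
    ProxyRequests On
    ProxyPass /exchange/ http://10.2.144.4/exchange/
    ProxyPassReverse /exchange/ http://10.2.144.4/exchange/
</VirtualHost>
"""

# Constructed sample: reverse proxy only, both directives left out.
REVERSE_ONLY = """\
<VirtualHost 10.1.144.3:443>
    SSLProxyEngine on
    # ProxyRequests On
    <Location "/exchange">
        ProxyPass https://servername/exchange
        ProxyPassReverse https://servername/exchange
    </Location>
</VirtualHost>
"""

# Lower-cased directive -> (canonical name, risky values, reason).
RISKY = {
    "proxyrequests": ("ProxyRequests", {"on"},
                      "forward proxying on; without access control anyone can relay"),
    "proxyvia": ("ProxyVia", {"on", "full"},
                 "adds a Via header identifying this proxy"),
}

def audit(conf):
    """Return (scope, directive, reason) for each risky proxy directive."""
    findings, scope = [], "(server config)"
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # Apache comments are whole lines
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            scope = opened.group(1).strip()
        elif re.match(r"</VirtualHost>", line, re.I):
            scope = "(server config)"
        else:
            name, value = (line.split(None, 1) + [""])[:2]
            hit = RISKY.get(name.lower())      # directive names are case-insensitive
            if hit and value.strip().lower() in hit[1]:
                findings.append((scope, hit[0], hit[2]))
    return findings
```

Both directives default to Off in Apache, so a vhost that never mentions them, as in the reply's ssl.conf, produces no findings.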


