Can you provide exactly what you were providing when using telnet? You said:
telnet myhost.com 8080 GET http://gs.163.com/ CONNECT mail3.xps.idv.tw:25 but that is actually invalid as far as what you can provide for HTTP request. So, please provide an exact transcript of what you were doing. Graham On 27 December 2011 02:48, Fang Jiaguo <jgfang...@gmail.com> wrote: > I have add the following to apache conf. But still get the same result > as before. > > NameVirtualHost *:8080<VirtualHost *:8080>ServerName myhost.com</ > VirtualHost> > On Dec 26, 5:54 pm, Graham Dumpleton <graham.dumple...@gmail.com> > wrote: >> On 26 December 2011 19:33, Jiaguo Fang <jgfang...@gmail.com> wrote: >> >> > Hi Graham, I haven't set any proxies. I will try your advice to add >> > only what I really need. >> >> I was not advising you to only add what you really think you need. >> Throwing away the whole file and then adding stuff on top of an empty >> file is actually bad practice and I wanted to make sure you were NOT >> doing that. >> >> You should always use the sample Apache configuration file and add on >> top of that. >> >> You should also read up about NameVirtualHost and VirtualHost >> directives and properly use them. If you use VirtualHost that may in >> itself may solve the problem. It may be the case that CONNECT allows >> you to do what you are able to do if VirtualHost not used. >> >> Graham >> >> >> >> >> >> >> >> > On Dec 26, 3:48 pm, Graham Dumpleton <graham.dumple...@gmail.com> >> > wrote: >> >> And if you haven't set them, have you done what I have seen many >> >> Windows people do, and even some UNIX people, which is to throw away >> >> completely the default Apache configuration and start with an empty >> >> file, adding only what you think you need? >> >> >> Doing that to me is a recipe for disaster as you have no idea what the >> >> Apache defaults are. One default is that Apache is allowed to serve >> >> files from anywhere on a file system if there is some Alias mapping >> >> that permits it in some way. >> >> >> Graham >> >> >> On 26 December 2011 18:44, Graham Dumpleton <graham.dumple...@gmail.com> >> >> wrote: >> >> >> > What are ProxyRequests and ProxyVia directives set to in Apache config >> >> > if defined? Eg: >> >> >> > ProxyRequests On >> >> > ProxyVia On >> >> >> > Is the Proxy directive use at all? Eg: >> >> >> > <Proxy *> >> >> > Order deny,allow >> >> > Deny from all >> >> > Allow from internal.example.com >> >> > </Proxy> >> >> >> > If you have forward proxy enabled and no VirtualHost, then likely >> >> > Apache is accepting any CONNECT to any port. >> >> >> > Open forward proxying is a security risk and when used should be locked >> >> > down. >> >> >> > So, this may be an artefact of a insecure Apache configuration. >> >> >> > Graham >> >> >> > On 26 December 2011 17:20, Jiaguo Fang <jgfang...@gmail.com> wrote: >> >> >> >> My develop environment is windows+mod_wsgi 3.3+python 2.7+apache 2.2. >> >> >> >> I have set up apache to listen to 8080 port and use default settings >> >> >> for other apache configuration, meaning there is no VirtualHost/ >> >> >> ServerName/ServerAlias... >> >> >> >> Here is the settings for wsgi: >> >> >> WSGIScriptReloading Off >> >> >> WSGIScriptAlias / "E:/eclipse workspace/SubscriptionServer/src/ >> >> >> business/dispatcher.py" >> >> >> WSGIPythonPath "E:/eclipse workspace/SubscriptionServer/src" >> >> >> >> <Directory "E:/eclipse workspace/SubscriptionServer"> >> >> >> Order deny,allow >> >> >> Allow from all >> >> >> </Directory> >> >> >> >> Now I have met the problem that apache will create interpreters for >> >> >> each port accessed by users, as apache logs show below. >> >> >> [error.log] >> >> >> [Sat Dec 24 22:14:34 2011] [info] mod_wsgi (pid=4956): Create >> >> >> interpreter 'myhost.com:8080|'. >> >> >> [Sat Dec 24 22:14:34 2011] [info] mod_wsgi (pid=4956): Adding 'E:/ >> >> >> eclipse workspace/SubscriptionServer/src' to path. >> >> >> [Sat Dec 24 22:14:34 2011] [info] [client 10.27.7.110] mod_wsgi >> >> >> (pid=4956, process='', application='myhost.com:8080|'): Loading WSGI >> >> >> script 'E:/eclipse workspace/SubscriptionServer/src/business/ >> >> >> dispatcher.py'. >> >> >> [Sat Dec 24 23:38:41 2011] [info] mod_wsgi (pid=4956): Create >> >> >> interpreter 'myhost.com|'. >> >> >> [Sat Dec 24 23:38:41 2011] [info] mod_wsgi (pid=4956): Adding 'E:/ >> >> >> eclipse workspace/SubscriptionServer/src' to path. >> >> >> [Sat Dec 24 23:38:41 2011] [info] [client 110.7.115.125] mod_wsgi >> >> >> (pid=4956, process='', application='myhost.com|'): Loading WSGI script >> >> >> 'E:/eclipse workspace/SubscriptionServer/src/business/dispatcher.py'. >> >> >> [Sun Dec 25 09:04:50 2011] [info] mod_wsgi (pid=4956): Create >> >> >> interpreter 'myhost.com:25|'. >> >> >> [Sun Dec 25 09:04:50 2011] [info] mod_wsgi (pid=4956): Adding 'E:/ >> >> >> eclipse workspace/SubscriptionServer/src' to path. >> >> >> [Sun Dec 25 09:04:50 2011] [info] [client 118.161.243.186] >> >> >> mod_wsgi (pid=4956, process='', application='myhost.com:25|'): Loading >> >> >> WSGI script 'E:/eclipse workspace/SubscriptionServer/src/business/ >> >> >> dispatcher.py'. >> >> >> >> [access.log] >> >> >> 110.7.115.125 - - [24/Dec/2011:23:38:41 +0800] >> >> >> "GEThttp://gs.163.com/ >> >> >> HTTP/1.1" 404 29 >> >> >> 118.161.243.186 - - [25/Dec/2011:09:04:50 +0800] "CONNECT >> >> >> mail3.xps.idv.tw:25 HTTP/1.0" 404 29 >> >> >> >> As you can see from access log, these two requests will cause apache >> >> >> to create 80 and 25 interpreters. I don't know where they come >> >> >> from(proxy detecting?). But I can simulate them through telnet. >> >> >> telnet myhost.com 8080 >> >> >> GEThttp://gs.163.com/ >> >> >> CONNECT mail3.xps.idv.tw:25 >> >> >> >> Then when I shut down the apache, no matter how many interpreters it >> >> >> creates, it only destroys the 8080 interpreter. This is another odd >> >> >> discovery. >> >> >> [Sun Dec 25 15:04:01 2011] [info] mod_wsgi (pid=4956): Destroying >> >> >> interpreters. >> >> >> [Sun Dec 25 15:04:01 2011] [info] mod_wsgi (pid=4956): Destroy >> >> >> interpreter 'myhost.com:8080|'. >> >> >> [Sun Dec 25 15:04:29 2011] [notice] Parent: Forcing termination of >> >> >> child process 234 >> >> >> [Sun Dec 25 15:04:29 2011] [info] removed PID file C:/Program >> >> >> Files (x86)/Apache Software Foundation/Apache2.2/logs/httpd.pid >> >> >> (pid=4608) >> >> >> >> I only want apache to listen to 8080 and create 8080 interpreter and >> >> >> prevent others. I believe there are some settings I have missed, >> >> >> apache or firewall? But how can I do this? >> >> >> >> -- >> >> >> You received this message because you are subscribed to the Google >> >> >> Groups "modwsgi" group. >> >> >> To post to this group, send email to modwsgi@googlegroups.com. >> >> >> To unsubscribe from this group, send email to >> >> >> modwsgi+unsubscr...@googlegroups.com. >> >> >> For more options, visit this group >> >> >> athttp://groups.google.com/group/modwsgi?hl=en. >> >> > -- >> > You received this message because you are subscribed to the Google Groups >> > "modwsgi" group. >> > To post to this group, send email to modwsgi@googlegroups.com. >> > To unsubscribe from this group, send email to >> > modwsgi+unsubscr...@googlegroups.com. >> > For more options, visit this group >> > athttp://groups.google.com/group/modwsgi?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "modwsgi" group. > To post to this group, send email to modwsgi@googlegroups.com. > To unsubscribe from this group, send email to > modwsgi+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/modwsgi?hl=en. > -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to modwsgi@googlegroups.com. To unsubscribe from this group, send email to modwsgi+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en.
