> Perhaps the question was ill posed, but not knowing the true role of wsgi > I don't know how I could have posted it differently. Still, as I said, I > was recommended not to use wsgi and also not to use php. I was quite > surprised of being given such advice, but it was nonetheless what I got. >
Do you have any details from the conversation -- i.e., what you asked and what they said exactly? It's possible they don't really know what they're talking about (or misunderstood your setup or question). > Having primarily used php and web2py for web develoment, is the reason for > why I use apache in the first place. > Note, at least for Python web apps, the preferred deployment setup is now Nginx+uWSGI. That being said, and taking your points into account for later, the problem > at hand for now is an exploit sending requests from the server. I'm not > sure if it has to with web2py, but I'm looking for tips for what could be > sending these requests. It is a third party that is doing it. > Are you experiencing a current potential exploit? If so, what is the evidence? Have you seen https://wiki.apache.org/httpd/ProxyAbuse? As noted at that link, if you are seeing logs with GET requests to external sites with 200 response codes, that doesn't necessarily mean Apache proxied the requests to the external sites -- it just means that Apache returned *some* response (assuming you have disabled mod_proxy or have it configured securely, it would just respond with the default page of your default virtual host). In short, your logs might reflect completely normal behavior. Anthony -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
