|
Home > Archive > Apache Server configuration support > July 2006 > Why did they include a proxy server in Apache?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Why did they include a proxy server in Apache?
|
|
| SwtDivaLove 2006-07-21, 7:36 am |
| Just as the subject says...
I'm sick of people proxying through my computer. I've got a bizillion
at a minimum attempting to proxy through it.
I understand it's good caching, but that's what Squid Guard is for.
Even after putting in this exactly:
NoProxy localhost 127.0.0.1:80
NoProxy 192.168.1.102:80
NoProxy ###.###.###.###:80
ProxyBlock ###.###.###.###:80
ProxyBlock localhost:80
ProxyBlock 192.168.1.102:80
<Limit CONNECT>
</Limit>
<Proxy *>
Order Deny
Deny from all
</Proxy>
proxyrequests off
proxyvia off
Commented out the line #LoadModule proxy_module
modules/libproxy.so
They are still able to proxy through it? This is BS.
This is a huge mistake to even have, as 50 billion porn sites attempt
to go through my tiny server to do their own bidding and no matter
what, I cannot honestly stop it.
I don't need it, don't want it, and I want to get rid of it.
If I have to compile it from source and making sure that it's not part
of the Apache build, then I will do it.
But, I don't want to go through that hassle... I shouldn't have to go
through it anyway.
What if I remove the libproxy.so completely, would that stop it?
I don't care anymore, I want it gone. And I need help getting rid of
it.
I don't want to limit it, I don't want them to even try to go through
my server.
I still get BS in my logs, even after doing everything I've read on the
internet about this stupid module.
Sorry for sounding upset, my connection is crap now because no matter
what I do, I can't keep them from hitting my IP with a bazillion sites
at the same time as they attempt to use my server as a stupid proxy.
If I'm doing something wrong, then help me to completely shut it down,
PLEASE?
| |
| Davide Bianchi 2006-07-21, 7:27 pm |
| On 2006-07-21, SwtDivaLove <colonel_angel2004@yahoo.com> wrote:
> They are still able to proxy through it?
They are probably not. Check your log file, I've an hunch that what they
got is your home page.
> what I do, I can't keep them from hitting my IP with a bazillion sites
Use your firewall, just block the IPs that try to do so.
Davide
--
Microsoft: You've got questions. We've got a dancing paperclip.
-- From a Slashdot.org post
| |
| SwtDivaLove 2006-07-22, 1:24 am |
|
Davide Bianchi wrote:
> On 2006-07-21, SwtDivaLove <colonel_angel2004@yahoo.com> wrote:
>
> They are probably not. Check your log file, I've an hunch that what they
> got is your home page.
>
>
> Use your firewall, just block the IPs that try to do so.
>
> Davide
>
> --
> Microsoft: You've got questions. We've got a dancing paperclip.
> -- From a Slashdot.org post
I have... But, I can't block them all either... I've already added
over 100 in just the first 2 hours I had my server back up and
running... I can't keep up with that.
Still though... Why include something like a proxy that is near
impossible to turn off. I shouldn't have to turn it off, it should
automatically be off to begin with, then let people turn it on if they
want.
I need to get this turned completely off.
The help files are not much help... No full syntax on what to do.
So, I've got to figure out how to do this, otherwise I'm going to go
insane.
| |
|
| "SwtDivaLove" <colonel_angel2004@yahoo.com> schreef in bericht
news:1153528706.227395.77570@s13g2000cwa.googlegroups.com...
In short: nothing. Just like sealing your mailbox won't keep the postman
from driving by: your address remains public.
[vbcol=seagreen]
> I have... But, I can't block them all either... I've already added
> over 100 in just the first 2 hours I had my server back up and
> running... I can't keep up with that.
Given the stated magnitude of requests something has been or still is BAD in
your config.
Has your IP changed recently, it might have been in use by a wide-open proxy
before it was assigned to you...
Are you sure _all_lines_ refering libproxy.so are disabled in or removed
from your config file and its includes?
TEST1: rename libproxy.so and restart apache.
TEST2: execute ' apache2 -l' and observe the list: mod_proxy should _not_ be
in the list ...
If it is consider reinstallang or recompiling ...
NOTE: The name of the executable may vary per version or redistribution.
TEST3: Check your access_log for lines having "GET
http://not.yourdomain.country/ .... HTTP/1.."
The two figures following these snippet are 'response code' and 'response
length'.
If the code is NOT 20x or 30x, I'ld consider myself as safe as can be.
If not, verify length to NOT match the size of the response giving by server
homing thesite. The more these figures differ, the better the chance you are
safe too.
> Still though... Why include something like a proxy that is near
> impossible to turn off. I shouldn't have to turn it off, it should
> automatically be off to begin with, then let people turn it on if they
> want.
It is not activated by the default config distributed by www.apache.org,
however your redistibuter -or anyone- _might_ have turned it on ...
> I need to get this turned completely off.
Even while turned off, you _can_not_ stop requests from entering your
equipment. Even if you block them from reaching apache, still they consume
part of your download bandwidth.
Find below a fully untested 'braindump', if working it'll at least save you
some upload bandwidth.
It should make the bad requestor beleave the requested page is known to have
been here but now is GONE, response code 410: the stronger brother of 404
'NOT FOUND'.
rewritecond %{HTTP_REQUEST} ! ^(your.domain.country|your.alias.country)/
rewriterue ^http: - [G,L]
HansH
| |
| Davide Bianchi 2006-07-24, 7:32 am |
| On 2006-07-22, SwtDivaLove <colonel_angel2004@yahoo.com> wrote:
> Still though... Why include something like a proxy that is near
> impossible to turn off.
It is very possible to turn it off, if you don't want it. Besides, if you
do a quick scan of past messages in this group, you'll see how lots and
lots of people are using such thing to generate "luser-friendly" url
(if this is something good or not, I'll leave it to you).
If it's compiled built-in (httpd -l will tell you) use ProxyVia Off /
ProxyRequest Off), if it's compiled as a module, remove the LoadModule
directive.
Note, that this will probably not stop people from trying to use your
system as a proxy.
Davide
--
Doing things randomly is what Admins do best.
clickety-click
-- Joe Moore on alt.sysadmin.recovery
| |
| SwtDivaLove 2006-07-26, 1:29 pm |
|
Davide Bianchi wrote:
> On 2006-07-22, SwtDivaLove <colonel_angel2004@yahoo.com> wrote:
>
> It is very possible to turn it off, if you don't want it. Besides, if you
> do a quick scan of past messages in this group, you'll see how lots and
> lots of people are using such thing to generate "luser-friendly" url
> (if this is something good or not, I'll leave it to you).
>
> If it's compiled built-in (httpd -l will tell you) use ProxyVia Off /
> ProxyRequest Off), if it's compiled as a module, remove the LoadModule
> directive.
>
> Note, that this will probably not stop people from trying to use your
> system as a proxy.
>
> Davide
>
> --
> Doing things randomly is what Admins do best.
> clickety-click
> -- Joe Moore on alt.sysadmin.recovery
Appreciate all the help!  Decided to move away from Mandrake and
upgraded to RH-FC5, and that seems to have stopped the proxying
completely. Different Apache build, and when I commented out the lines
for proxying, and renamed the files accordingly, no more proxying.
When I upgraded to RH-FC5, proxying was enabled in the conf, so before
I fired httpd up, I made sure that all of the above was turned off.
|
|
|
|
|