Em Andamento

troubleshoot: how to make Apache stop accepting http proxy requests

By default, the Apache webserver on CentOS 5.4 seems to accept "http proxy-style" requests and serve files that are located on that webserver. For example, if you set your browser to use [[url removed, login to view]][1] port 80 (my site) as an http proxy, and then in your browser you type <[url removed, login to view]> , it will bring up the [url removed, login to view] front page. If you type in <[url removed, login to view]> , it will bring up the contents of the page [url removed, login to view]

At the level of the HTTP headers, this means that if you send the server a request of the form

GET [http://<any][2] hostname>/[url removed, login to view]

the server will respond by serving back the contents of <[url removed, login to view]>

Some users have been using this to abuse our site (the exact situation is too complicated to describe right now) so I want to turn this behavior OFF, while making the minimum amount of changes to the server configuration.

I've posted a copy of the [url removed, login to view] file here:

<[url removed, login to view]>

(Note, I've commented out some modules because I thought that would fix the problem, even though it didn't -- see "deliverables" below for more details.)

I can't give out shell access to the server (it's too risky), so if you need to "experiment" to find a way to turn it off, try it on your own server first -- and then once you've verified that it works, I can try it on mine.

You can bid, or if you just offer some advice, I'll send you a bonus if it works:) Whenever I post "troubleshooting" jobs, I always send a bonus to anyone who comes up with something helpful, even if they don't bid!

## Deliverables

I just need a way to turn off apache's "http proxy" behavior, as described above.

However, here are some things that I cannot do, or things that I've already tried:

1) Someone told me to disable mod_proxy and mod_rewrite. So I commented out all the lines in [url removed, login to view] that began with "LoadModule rewrite_" or "LoadModule proxy_", as you can see in

<[url removed, login to view]>

and also commented out the line "LoadModule proxy_ajp_module modules/[url removed, login to view]" in a file called /etc/httpd/conf.d/[url removed, login to view] , and restarted httpd. However that did not fix the problem, it's still accepting those "http proxy" requests.

2) Someone told me that this is caused because I have a "default virtualhost" pointing to /var/www/html and I could fix this by using hostname-based virtualhosts.

However it is not an option to change this on all the servers where I want to fix this, because people access those servers using different hostnames and different IP addresses, and because of the way the servers work, the same content should be served in every case. (Yes, the same content, regardless of which hostname was used to access the server.) So I cannot change the "default virtualhost".)

## Platform

This is Apache/2.2.3 on CentOS 5.4 where I need the config changes made.

Habilidades: Linux

Ver mais: you proxy google, where to find jobs, want to make site, use case how to, shell jobs, public works jobs, on line jobs with google, make work jobs, make line, jobs that serve, jobs port, i want to make my site, how would you describe your work style, how to post, how to make site on google, how to html 5, how to get people to do things, how to fix my, how to fix com, how to find jobs, how to find a file in linux, how make site, how i make my own site, how do you get linux, how do you find work

Acerca do Empregador:
( 128 comentários ) Bellevue, United States

ID do Projeto: #2998542

Premiar a:

vsespb

See private message.

$34 USD em 14 dias
(16 Avaliações)
4.2

3 freelancers are bidding on average $18 for this job

Broken

See private message.

$8.5 USD in 14 dias
(9 Comentários)
3.7
peanuxsl

See private message.

$11.05 USD in 14 dias
(12 Comentários)
2.9