Wayne,

Heh, I feel for you! I've had a server hacked in the past :)

Yes, you can close down your mod_proxy by simply using:

    <LocationMatch "^[^/]">
        Deny from all
    </LocationMatch>

I actually got that off of the Zope website. It refuses requests that don't start with "/" ... This way only requests that are local are accepted. I even tested it and it worked fine; you get a nice Apache access denied error if you try to transparently use the proxy.

Hope this helps!

J.F.

-----Original Message-----
From: Wayne Connolly [mailto:wayne_connolly@yahoo.com]
Sent: Thursday, March 13, 2003 6:01 PM
To: zope@zope.org
Subject: [Zope] Help: mod_proxy exploit on apache + zope

All,

My server was used for hacking other servers by some morons. mod_proxy was set wide open - we were getting used as a relay for attacks on all sorts of servers. For the sake of people getting attacked, I've had to set it to Deny from all.

This seems to have broken my zope sites, however. I have a machine with virtual hosts with freebsd, apache2, and zope. I'm using rewrite rules to make zope work. Both mod proxy and mod rewrite are enabled.

Does anyone know of a fix? We need to only allow certain interactions with zope to take place (localhost) and that is from zope domains.

I heard about the use of http://httpd.apache.org/docs-2.0/mod/mod_cgid.html with zope and apache2... can anyone help? If they can, I'll write up a full how-to on it as it is of a high importance for zope hosters I think...

Panicking,
Wayne.
wayne@c-media.com.au
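Added example, not part of either message in this thread: a log check that applies the same "^[^/]" test from the LocationMatch block to the request-targets in an Apache access log and reports the ones that were relayed to a foreign host with a success status. The log lines, LOCAL_HOSTS value and function names are constructed for illustration, and matching the logged request-target is a simplification of how Apache evaluates the rule.

```python
import re
from urllib.parse import urlsplit

# Same pattern as the <LocationMatch "^[^/]"> block in the reply.
NOT_LOCAL = re.compile(r'^[^/]')
# Common/combined log format: client ... [time] "METHOD target PROTO" status size
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Assumption: hostnames this server legitimately answers for.
LOCAL_HOSTS = {"www.example.org"}

def target_host(method, target):
    """Host named by a proxy-style request-target, or None for a local path."""
    if not NOT_LOCAL.match(target):
        return None                               # starts with "/": local request
    if method == "CONNECT":
        return target.rsplit(":", 1)[0].lower()   # authority-form host:port
    return urlsplit(target).hostname              # None for "*" or malformed targets

def find_relayed(lines):
    """Return (client, method, target) for 2xx/3xx requests sent on to foreign hosts."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, method, target, status = m.groups()
        host = target_host(method, target)
        # A 403 means the Deny rule did its job; 2xx/3xx means the proxy answered.
        if host and host not in LOCAL_HOSTS and status[0] in "23":
            hits.append((client, method, target))
    return hits

# Constructed sample lines (documentation addresses and names only).
SAMPLE = [
    '192.0.2.10 - - [13/Mar/2003:17:40:01 +1100] "GET /index_html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [13/Mar/2003:17:40:05 +1100] "GET http://victim.example/login HTTP/1.0" 200 812',
    '198.51.100.7 - - [13/Mar/2003:17:40:06 +1100] "CONNECT mail.victim.example:25 HTTP/1.0" 200 -',
    '203.0.113.4 - - [13/Mar/2003:17:41:12 +1100] "GET http://victim.example/ HTTP/1.0" 403 291',
    '192.0.2.11 - - [13/Mar/2003:17:41:30 +1100] "GET http://www.example.org/about HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in find_relayed(SAMPLE):
        print("relayed:", *hit)
```

Run against the real access log before and after adding the Deny rule: hits that keep appearing after the change mean the rule is not in the virtual host that serves those requests.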