[Zope] Help: mod_proxy exploit on apache + zope
Wayne Connolly
wayne@c-media.com.au
Thu, 13 Mar 2003 15:01:01 -0800 (PST)
All,
My server was used for hacking other servers by some
morons. mod_proxy was set wide open - we were getting
used as a relay for attacks on all sorts of servers.
For the sake of people getting attacked, I've had to
set it to Deny from all.
This seems to have broken my zope sites, however.
I have a machine with virtual hosts with freebsd,
apache2, and zope. Im using rewrite rules to make zope
work. Both mod proxy and mod rewrite are enabled.
Does anyone know of a fix?
We need to only allow certain interactions with zope
to take place(localhost) and that is from zope
domains.
I heard about the use of
http://httpd.apache.org/docs-2.0/mod/mod_cgid.html
with zope and apache2... can anyone help? If they can
ill write up a full how-to on it as it is of a high
importance for zope hosters i think...
Panicing,
Wayne.
wayne@c-media.com.au
__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com