[Zope] Help: mod_proxy exploit on apache + zope
Dave Hall
dave-zope@dnh.sk.ca
Thu, 13 Mar 2003 17:43:06 -0600
On Thu, Mar 13, 2003 at 03:01:01PM -0800, Wayne Connolly wrote:
> All,
>
> My server was used for hacking other servers by some
> morons. mod_proxy was set wide open - we were getting
> used as a relay for attacks on all sorts of servers.
> For the sake of people getting attacked, I've had to
> set it to Deny from all.
Are you using it as a regular proxy or just to front-end Zope?
If you're just front-ending Zope, then check to make sure "ProxyResuests"
is NOT set to On. This will enable the proxy service which you don't
need.
You will need the proxy module loaded for rewrite to fetch the URL from
Zope but you shouldn't need the proxy service enabled.
> This seems to have broken my zope sites, however.
Yup. mod_rewrite uses parts of mod_proxy.
--
Dave
===============================================================
| <- You must be smarter than this stick to ride
the Internet -Mike Handler
===============================================================