[Zope] apache open proxy configuration problem

Ed Colmar ed at greengraphics.net
Fri Oct 14 17:18:38 EDT 2005 

I've been running zope through apache for years and years now, and I 
have a new machine set up with apache 2.0.48 and zope (Zope 2.8.0-final, 
python 2.3.5, linux2)

Using Identical Vhost configuration settings from an old machine all has 
been well, up until about 5 days ago, when I noticed the machine getting 
slammed, and wierd logs started showing up like:

xxx.xxx.xxx.xxx - - [14/Oct/2005:14:09:06 -0700] "GET 
http://partners.mygeek.com:80/search.jsp?partnerid=98885&pagesize=12 
HTTP/1.1" 403 406

(IP removed to protect the guilty)

In my quick research to try to determine the problem, I found people 
advising to turn "ProxyRequests Off", which I did, but did not have any 
effect.

Luckily this is just a development server, not a live production server, 
so its not super critical, but I'm nervous now that my production server 
might be in the same state...

Here is a sample vhost.conf entry:

NameVirtualHost 192.168.1.32
<VirtualHost 192.168.1.32>
ServerName www.greengraphics.net
ServerPath /var/www/greengraphics/www
DocumentRoot /var/www/greengraphics/www
ServerAdmin webmaster
RewriteEngine On
TransferLog logs/Vhost-greengraphics-access.log
ProxyRequests Off
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
ProxyPass / 
http://192.168.1.32:8080/VirtualHostBase/http/www.greengraphics.net:80/greengraphics/VirtualHostRoot/
ProxyPassReverse / 
http://192.168.1.32:8080/VirtualHostBase/http/www.greengraphics.net:80/greengraphics/VirtualHostRoot/
</VirtualHost>



mod_proxy.conf looks like:




<IfDefine HAVE_PROXY>
  <IfModule !mod_proxy.c>
    LoadModule proxy_module             modules/mod_proxy.so
    #LoadModule proxy_connect_module    modules/mod_proxy_connect.so
    #LoadModule proxy_ftp_module        modules/mod_proxy_ftp.so
    LoadModule proxy_http_module        modules/mod_proxy_http.so
  </IfModule>
</IfDefine>

<IfModule mod_proxy.c>

#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#

ProxyRequests Off

<Proxy *>
    Order deny,allow
    Deny from all
#    Allow from .your-domain.com
</Proxy>

#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: 
headers)
# Set to one of: Off | On | Full | Block
#

ProxyVia On

# End of proxy directives.

</IfModule>


any suggestions?  places to look to verify security?

Thanks!

-ed

More information about the Zope mailing list