Server :: Disabling Apache Mod_proxy Features
Mar 31, 2011
I'm using CentOS 5 and just found out that there are people using my Apache Web Server as proxy (version 2.2.3 the OS's default).
I've checked out that my mod_proxy is already disabled but the unauthorized incoming request is still very large.
So I tried to compile an Apache from raw (2.2.17) just enabling mod_rewrite and then found out that the 'proxy' request is still there.
Tried httpd -l and here are the modules inside the Apache :
Code:
# /opt/apachew/bin/httpd -l
Compiled in modules:
core.c
mod_authn_file.c
[Code]....
There should be no mod_proxy but why should it still accepting proxy request? I checked the access_log file and still found [URL] and so on.
My question is : - How to block all the proxy request and only accepting the normal web server request? I also have tried to enable proxy in the previous Apache and then setting up "ProxyRequest Off" and Proxy * only from localhost but the request is still there.
I tried by myself using the webserver as proxy in browser and all the URLs I opened including the false URL will be redirected to my index.php and this should show me that 'you-can't-use-this-as-proxy-anymore' right?
Insane people still believe they could use my server and they keep trying and trying.
I couldn't block the IP addresses because some of them are using the mobile data (GPRS/UMTS) and that is our market for the website.
View 5 Replies
ADVERTISEMENT
Nov 3, 2010
I have figured out how to use virtualhost, proxypass and proxypassreverse. So far, so good.
The problem I'm experiencing is this:
I have a reverse proxy server running apache (123.123.123.123)
Behind this proxy server I have a http server running apache (124.124.124.124).
This http server has multiple sites (virtualhost), it's only reachable via the proxy server.
If i run a nslookup on www.somedomain.com I get 123.123.123.123 (Not really but you understand what I mean)
I put my proxy to have the IP 123.123.123.123, so far so good. The requests come in to the proxy server.
I want my http server to be named 124.124.124.124.
In the http server I wish to set up my virtualhosts like this:
How do I get my proxy to grab the data from the http server?
If I do like this I will only make another request to my proxy server.
If I do like this, only the first page in the httpd.conf in my http server will work.
Do I need to setup a different DNS server for the proxy server? I would hate that. Perhaps use hosts-file in proxy. Or maybe I can use sub-domains?
View 1 Replies
View Related
Mar 29, 2009
I'm running Fedora 10 with Apache 2.2.11 and I noticed something a little strange going on. This morning, logwatch alerted me to the following concerning apache:
Code:
Sure enough, the apache access log file shows the following:
Code:
mod_proxy is disabled in the apache config file anyway (default mod_proxy commented out):
Code:
When I tried to access my web server to check, it was down, and I got the following when checking its status:
Code:
So I checked the apache error logs and found the following:
Code:
There's nothing wrong with line 188 of the config file:
Code:
It seems fairly apparent that there has been an attempt to use my web server as a proxy to gain access to other servers, so I have a couple of questions:
1) I presume that the attack failed, since mod_proxy was disabled?
2) Why did my web server crash? (It has never done this before). It seems very suspicious that it tried to restart, but failed to load proxy_module modules/mod_proxy.so on the same night that someone had attempted to use mod_proxy. I have since successfully started apache without making any configuration changes.
3) Do I need to worry that any part of my system has been compromised?
View 4 Replies
View Related
Feb 11, 2010
Just followed the link [URL] for installing apache with --enable-so only. How can I install mod_proxy into the same?
View 2 Replies
View Related
Aug 22, 2010
I am trying to create solution with Reverse Proxy, mod_proxy and mod_proxy_connect. I haven't really used this before so I am just curious if I am doing it right. I have attached what I am trying to do plus a copy of the config:Here is my current requirement
We are going to have 3 servers, right now our top level domain is[URL] We have an E-Commerce Server in Production Right now that already has an SSL Cert on it so right now the production server for E-Commerce is [URL] However, as we are growing, we don't want to use subdomains, so instead, we want to use the reverse proxying feature on apache. We are running mostly windows servers and IIS for the E-Commerce, CMS and the Wordpress Server. Assume the following -
Apache Proxy Server 10.100.10.60
E-Commerce Server 10.100.10.3 (www.ooolalashop.com)
Content Management Server 10.100.10.3 (cms.ooolalashop.com)
Word Press Blog Server 10.100.10.3 (blog.ooolalashop.com)
1) We need the following mapped
[URL] - maps to ecommerce server - since ssl cert is going to stay on the server, on the proxy we just create a static host that points to the e-commerce server
[URL]
All of these should be pretty easy to reverse proxy
2) We need to be able to proxy the SSL connection or have it pass through to the server on the back end with the domain [URL] right now we are getting some errors Here is the error I get with SSL [Sun Aug 22 01:51:30 2010] [warn] proxy: No protocol handler was valid for the URL /. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
Here is a copy of the config
<VirtualHost *:80>
ServerAdmin support@cometcomputing.com
ServerNamewww.ooolalashop.com
DocumentRoot/var/www/ooo
[code]....
View 1 Replies
View Related
May 14, 2010
I seem to be having a problem with mod_proxy and https websites. A simple connection to port 80 works fine but all calls to 443 fail.
I had a look at my firewall but can't see anything that would block port 443, although I get no tcpdump traffic on that port on the deb01 client when I try and connect to it. I disabled the firewall but still no luck.
My configuration consists of 3 VMs (KVM) each running a different website.
I get the following error when connecting to ssl deb01
Code: An error occurred during a connection to deb03.example.com.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
The following is what can be found on the host
Code:
View 1 Replies
View Related
Apr 12, 2010
Dom0 is having public IP. I read a lot of blog and tutorials about name based and IP based hostings and also about mod_proxy. But I am unable to do.
Here is what I am trying to do. I have a webserver on public IP.Which is running Xen on it. There are 4 Guest Operating systems installed on top of Dom0 which are Dom1,Dom2,Dom3,Dom4 These are application servers which are going to serve the requests that come from the main server.Which is Dom0.
All I see is "It works" on all 4 of the hosts. On my LAN on any machine on same subnet if I do [url] of Domu1 message comes
Code:
in browser from LAN gives me a message
Code: It works.
What do I need to do on Dom0 so that requests are forwarded to the appropriate DomUs apache2 is running on all of them including Dom0.Some one suggested me to go for ReverseProxy in Apache2.
View 3 Replies
View Related
Mar 9, 2010
i'm using apache2 prefork as proxy (mod_proxy) and i'm facing some performance problems such freezes , for instance the entire server blocks and becomes totally unresponsive after several requests.
at first i thought that the system is running out of memory so i tweaked the mpm config and reduced the number of allowed processes that can start concurrently , however the problem still persists..would mpm worker serve better than prefork ?
View 1 Replies
View Related
Dec 24, 2010
I have a server acting as a proxy to a couple of IP cameras on my local network. The IP cameras require HTTP-Authentication (Basic) but I want the outward facing Apache server to automatically log in without prompting the user for a login.
My current configuration is:
Code:
That works as a proxy but still asks for a HTTP Auth login. Can I get Apache to pass the login details to the IP cameras so users can just hit up the proxy and view the camera without having to log in?
View 2 Replies
View Related
Apr 29, 2010
I have just been told that httpd was not running on my Centos virtual server. It seems that my hosting company rebooted my server 2 days ago and that httpd restart failed due to:
Starting httpd: httpd:
Syntax error on line 213 of /etc/httpd/conf/httpd.conf:
Syntax error on line 2 of /etc/httpd/conf.d/proxy_ajp.conf:
Cannot load /etc/httpd/modules/mod_proxy_ajp.so into server: /etc/httpd/modules/mod_proxy_ajp.so: undefined symbol: proxy_module
I had worked around and forgotten about this some time ago. The problem arose because the most recent httpd update installed proxy_ajp.conf into /etc/httpd/conf.d which was then loaded on restart The trouble is I do not use mod_proxy (I think just to try and get a lean and mean web server) and proxy_ajp.conf does not check if mod_proxy is loaded before it tries to LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
Hence httpd fails to restart. RedHats's bug tracker lists this as an old issue (which was never resolved) [URL] My workaround was to rename proxy_ajp.conf to proxy_ajp.conf.orig so that httpd would start up correctly. However any updates simply reinstall proxy_ajp.conf and so IMO the problem needs to be resolved at source. how to ensure that httpd updates do not bite me in the future? Do I really have to run mod_proxy whether or not I need it?
View 6 Replies
View Related
Oct 14, 2010
I am trying to solve a problem where Apache stats aren't displaying correctly in Munin. I've ran through quite a bit of checks and tests regarding Munin setup, but I think my issue is related to Apache, but my skill set there is lacking.
first, system info:
monitored server:
CentOS 5.3 2.6.18-128.1.1.el5
[code]....
View 7 Replies
View Related
Oct 6, 2009
is there a way to set-up a file system, where you have multiple nodes (PC's) linked to one storage pool? ZFS seems to support this idea with multiple disks on one node, but could you connect multiple nodes in this manner?
View 3 Replies
View Related
Jun 17, 2011
I am currently looking for a file system that needs to be distributed over several nodes and need redundancy, like RAID5, and the ability to grow if needed, like LVM. Also not all nodes are going to be located in the same data center, but I guess that's not that important as long as the connection between DCs is sufficiently fast. I am currently looking at AFS, Coda, GFS and OCFS to see if they have what I need.
Edit: I just figured that it may be better to have the RAID5-like setup within one location, and have RAID1-like mirroring between the locations. That would probably better for performance, right?
View 2 Replies
View Related
Mar 17, 2011
I have set up a nis slave server on Fedora 14. It was set up on a laptop so that the user can log in when he is at home (no NFS, local home dir). However, whenever the eth0 is disconnected, ypbind fails.
I have tried the same setup on a RHEL 4 (configured it as a slave server) against the same master nis as on the Fedora 14. Disabling eth0 on it however does not fail ypbind.
View 4 Replies
View Related
Feb 4, 2010
Any one have an idea How to clear apache cache without restarting apache server.
View 5 Replies
View Related
Jan 24, 2010
I am upgrading my server and I have a lot of sites. Since I cannot take my server down for a few days, maybe a week until I manage to migrate all the sites to the new machine, I figured I could migrate them one by one. After migrating one, I would somehow tunnel the requests of that name virtual host to my internal machine. When everything is migrated, I would then switch the machines, update ip's and stuff and everything will work just fine.
However I cannot seem to find a way to do this tunneling. is this at all possible? If not, what alternatives do I have?
View 5 Replies
View Related
Jun 6, 2011
I can't figure out how to prevent Zend Server starting at boot up. My temporary solution is to issue the following after boot-up:
Code:
sudo /usr/local/zend/bin/zendctl.sh stop
I'd like to:
1. Prevent it from starting during boot
2. Create two launcher icons to Start and Stop Zend Server
View 1 Replies
View Related
Jul 19, 2011
There are over a dozen of servers that I need to monitor for services running on them. Hence, I have created a separate VM on which I am hosting scripts for various purposes. I have written a script (bash) that checks the status of the services running on those servers. Since my script has this line of command (for example):
Code: /sbin/service vsftpd status I have created a user (let's name it user_monitor) and added it to /etc/sudoers file by issuing "visudo" on all the servers. Since I need to execute the command remotely from the VM so I have generated a Public RSA Key (ssh-heygen) and added it to "authorized_keys" file on all the servers. But on some servers when issue a command such as the following:
[Code]....
View 4 Replies
View Related
Dec 3, 2010
I�m installing fail2ban to improve the security of a home asterisk server which from time to time becomes the target of some sip account cracker and/or ssh brute force attack.For those not familiar with fail2ban, this utility monitors log files to find matches with user specified expressions to identify the presence of a brute force attack. Then configures iptables rules to block the offending IP.Here�s an example:
Code:
NOTICE[1734] chan_sip.c: Registration from '"613"<sip:613@xx.xxxx.xxx.xxx>' failed for 'yyy.yyy.yyyy.yyy' - No matching peer found
[code].....
View 1 Replies
View Related
Feb 23, 2011
I wanted to know if it is possible to turn off readdirplus calls at the server side. I am currently using a fedora core 8 server.
View 1 Replies
View Related
Apr 2, 2010
I have a Centos NIS server that is working fine with other linux clients. i need to have a Solaris 8 client bind to the NIS domain and found out that Sol8 does not support MD5 format passwords that the NIS master is generating. so i am trying to disable the MD5 encryption on the nis master and it does not seem to work. i run this command
authconfig --disablemd5 --enablenis --nisdomain=lab --updateall
and it restarts portmap and nis services ok. on the master server i then do a yppasswd username and a make passwd and it still uses the 34 char password format. what do i need to do to disable MD5 passwords in a centos nis server?
View 2 Replies
View Related
Feb 4, 2010
We are having 12 windows computers xp which are connected to a linux machine which has samba server installed on it for backup purposes of these 12 windows users. We want the like this , that a user copy a folder from their local machine and paste it to the samba server . but they cannot delete this folder once the backup is there at linux machine.
So this is working fine. But our users are able to Rename the folder they have pasted at linux machine which we dont want . and even they are able to cut and paste files from 1 folder to another folder in the samba server. We just want them to copy a file or folder from their local windows machine and paste to samba server and they can also read it (copy and paste back to their windows computer)whenever they want . but we dont want them to cut and paste within linux machine and rename that file as well.
View 1 Replies
View Related
Apr 15, 2010
I have a proxy with SSL that forward any request to a backend platform. In this moment I have a problem if I'm trying to execute an activex on the backend platform. I'm reading that the mod_proxy blocks any activex request because it don't trust for the system. How I can do? I'm reading about mod_security.
Code:
View 2 Replies
View Related
Feb 28, 2010
I built a home server (NAS/WWW/SSH/media server etc) and chose CentOS 5 as the OS (stability, easy of configuration).I was just about to start tuning the power consumption when I realised that the kernel CentOS uses is so "old" that it does not support the latest reduced power consumption enhancements that Linux has achieved in big strides in the recent past (we are probably still talking 6-12+ months ago e.g. tickless kernel)..
So my questions; 1) I know CentOS was maybe not meant for home servers (certainly its not its primary purpose), but if it is, any ideas of what kind of power consumption it takes (I know its relative) and if there are particular power consumptions that are worthwhile?
2) Do you recommend me compiling my own 2.6.21+ kernel from kernel.org or am I just likely to have compatibility issues (I really did not want to do that) or when is CentOS 5.4 supposed to have a newer 2.6.21+ version kernel?
Was it wrong of me in principle to choose CentOS for a home server when I am power conscious? (I don't have a low-power VIA processor either but a P4 so I am really just hoping to make do with software changes).
View 4 Replies
View Related
Apr 15, 2010
I have an httpd server with mod_proxy that forward any request to an another server.
the flow is: client --> requesto proxy [url]forward to server [url]
I'm reading this error in my httpd log in LogLevel debug (after some request):
Code:
Code:
and this is my ssl.conf in /etc/httpd/conf.d
Code:
how I can find the root cause?
View 2 Replies
View Related
Nov 19, 2010
I'm working on setting up a hosted OSS app on a VPS and have a question about doing some proxying. I have Centos 5.5/Apache 2.2 running on 2 VPS's, in different locations, accessible from the net. One of these hosts the app itself, the other will be used as a web portal where the end user will login to auth and then be able to access the app. Now, since I don't wan't access to the app server from the world at large, I want to firewall it and only allow access from the portal machine. So what I think I need to do is set up a reverse proxy with mod_proxy, and then if the end user auths forward them to a specific url on the app server.
So when they connect to [url] and log in I need them to be redirected to app.machine.com/theirdir
So the questions I have are:
1) Can this be done? If so, is mod_proxy the way to do it? Configuring Apache isnt a problem, but I havent worked with mod_proxy.
2) If this does work, will it also work with SSL?
3) I've seen a few small tutorials on the net, but not doing exactly what I want to. They all use the reverse proxy with a public IP connecting to a server with a private IP behind a firewall, while I have public IP's on both ends. From a network standpoint I know this shouldn't matter, but I'm not familiar with mod_proxy's particulars itself.
View 1 Replies
View Related
Feb 5, 2010
I set up mod_proxy in order to get rid of :8080 now I cant access phpmyadmin through the browser. what is the quickest way to turn off mod_proxy and access phpmyadmin? I would like to optimize the tables and back up the sql file. I just need to turn it on for a bit, and then enable mod_proxy again.Right now, if I got to localhost/phpmyadmin, it redirects to the main application.
I have used a2enmod, and added
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_ajp
[Code]...
View 2 Replies
View Related
Jan 20, 2011
I am installing Big Brother on a CentOS 5.2 running the default Apache 2.2.3. When I try to access any web page I get the following error: Forbidden You don't have permission to access /bb/ on this server. Apache/2.2.3 (CentOS) Server at fmsubbnix Port 80 So far I have:
1) Set the Directory options to FollowSymLinks
2) Verified all directory and file permissions are at 755
3) Set permissions temporarily to 777 and received same error so I am assuming the issue is in a config file somewhere
4) in hhtpd.conf verified <Files ~ "^.ht"> is correct
5) verified the "default" directory is correct (/var/www/html)
I have read and tried several ideas in posts listed on the web but to no avail and am at a loss as to what to look for next..
View 3 Replies
View Related
Apr 21, 2011
I'm running a linux cloud server with the following config
1.2ghz Processor allocation
752MB Ram
The site loads slow and clicking a link almost freezes the page for a second. Also, the page loads could be much faster. We've been running mysqltuner and have pretty much optimized all slow queries. Is there anything we can do to fine tune the server for faster and more responsive?
Httpd.conf
Timeout 20
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 5
<IfModule prefork.c>
code....
View 2 Replies
View Related
Mar 20, 2010
I have a php app set up in the default virtualhost, and want to add a Grails app. The grails app runs on [URL] and I want to configure apache2 to proxy that folder to Jetty using mod_proxy.
Module is enabled
Code:
$ sudo a2enmod proxy
Module proxy already enabled
[code]....
Quote:
[Sun Mar 21 00:14:56 2010] [warn] proxy: No protocol handler was valid for the URL /mailscan. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule. My apache2.conf contains no LoadModule lines, and a2enmod says it's already enabled. Does Ubuntu Desktop (Karmic) use the DSO versions of modules, or did I miss something else? I'm aware I should also use mod_proxy_html to make sure only the "portless" version of the address is outputted, but I can fix that later!
View 1 Replies
View Related
