Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

www.xxxcon, www xxxcon, board.issociate.de, registrieren fehler dll server 0x8002801c, far2 vs near2 raid10, access abfragen aus linux, "Can't send mail: sendmail process failed with error code 69", superduper 2.1.4 serial, www.xxx.con, 192.168.1.41:8000

Links

XODOX
Impressum

#1: Proxy "Open Relay" used to send messages - Apache2

Posted on 2003-07-31 16:37:32 by Fabiano Felix

Hello All,

I'm having problems with "Open HTTP Proxy" Relay. Some spammers are
using my proxy to send messages with other mail servers (my proxy is
"trusted" for this mail servers). After tests, I concludes that the
method used for this is a connection by "http-post" (tested with
pxytest.pl (http://www.unicom.com/sw/pxytest)). If I block "http-post",
probably my proxy will not function. Someone has this problem? How to
solve this.
My proxy configuration (it's an Apache2):
"
<VirtualHost 10.1.144.3:80>
ServerName msexchange.xxxxxxx.com.br
UseCanonicalName On
ProxyVia On
ProxyRequests On
ProxyPass / http://10.2.144.4/
ProxyPassReverse / http://10.2.144.4/
ProxyPreserveHost On
ProxyPass /exchange/ http://10.2.144.4/exchange/
ProxyPassReverse /exchange/ http://10.2.144.4/exchange/
ProxyPass /exchweb/ http://10.2.144.4/exchweb/
ProxyPassReverse /exchweb/ http://10.2.144.4/exchweb/
</VirtualHost>
"

Regards,

Fabiano Felix

Report this message

#2: Re: Proxy "Open Relay" used to send messages - Apache2

Posted on 2003-07-31 21:11:13 by Fabiano Felix

Hello All,

I found the solution: the parameter "ProxyRequest" is enabled, but isn't
necessary (this is causing the problem, since it's permit the use of
proxy as a relay)...

Thanks and regards,

Fabiano Felix

Em Qui, 2003-07-31 às 11:37, Fabiano Felix escreveu:
> Hello All,
>
> I'm having problems with "Open HTTP Proxy" Relay. Some spammers are
> using my proxy to send messages with other mail servers (my proxy is
> "trusted" for this mail servers). After tests, I concludes that the
> method used for this is a connection by "http-post" (tested with
> pxytest.pl (http://www.unicom.com/sw/pxytest)). If I block "http-post",
> probably my proxy will not function. Someone has this problem? How to
> solve this.
> My proxy configuration (it's an Apache2):
> "
> <VirtualHost 10.1.144.3:80>
> ServerName msexchange.xxxxxxx.com.br
> UseCanonicalName On
> ProxyVia On
> ProxyRequests On
> ProxyPass / http://10.2.144.4/
> ProxyPassReverse / http://10.2.144.4/
> ProxyPreserveHost On
> ProxyPass /exchange/ http://10.2.144.4/exchange/
> ProxyPassReverse /exchange/ http://10.2.144.4/exchange/
> ProxyPass /exchweb/ http://10.2.144.4/exchweb/
> ProxyPassReverse /exchweb/ http://10.2.144.4/exchweb/
> </VirtualHost>
> "
>
> Regards,
>
> Fabiano Felix

Report this message

#3: RE: Proxy "Open Relay" used to send messages - Apache2

Posted on 2003-08-04 10:55:13 by FLombardo

I've a little work around for this problem:
I've found out that you're using mod_proxy to proxy an OWA connection, =
so better configuration is for first to use an SSL-ONLY connection, you =
are using basic auth, isn't it?!?

After that, use this configuration in ssl.conf

<VirtualHost ip:443>

SSLEngine on
SSLProxyEngine on
SSLProtocol +all
SSLCipherSuite HIGH:MEDIUM

SSLCertificateFile /apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /apache/conf/ssl.key/server.key

<Files ~ "\.(cgi|shtml|phtml)$">
SSLOptions +StdEnvVars
</Files>


ServerAdmin address
ServerName name:443
=20
<Location "/exchange">
ProxyPass https://servername/exchange
ProxyPassReverse https://servername/exchange
</Location>

<Location "/exchweb">=20
ProxyPass https://servername/exchweb
ProxyPassReverse https://servername/exchweb
</Location>

<Location "/public">
ProxyPass https://servername/public
ProxyPassReverse https://servername/public
</Location>
ErrorLog logs/owa_ssl_error
CustomLog logs/owa_ssl_acces common
CustomLog logs/ssl_owa_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

# mod_security Configuration

SecFilterEngine On
# SecAuditEngine On
# SecAuditLog logs/audit_log
# SecFilterScanPOST On
SecFilterDefaultAction deny,log,status:409
# Filters
SecFilter "\.\./"
SecFilter "<( |\n)*script"
SecFilter "<(.|\n)+>"
SecFilter "root.exe*"
SecFilter "cmd.exe*"
SecFilter "default.ida*"
SecFilter "delete( |\n)+from"
SecFilter "insert( |\n)+into"
SecFilter "select( |\n)+from" =20
=20
=20
</VirtualHost>

As you can see I'm also using mod_security for enhancing protection.
Remember to DISABLE ProxyVia and ProxyRequest! (just don't insert the =
variables)

This might work.

Any feedback will be appreciated.


Federico

Lombardo Federico, Network Administrator & IT Security Manager=20
Tel. +396.47841.362 =20
Grandi Stazioni S.p.A.=20
Via G. Giolitti 34=20
00189 Roma=20
Italy=20


-----Original Message-----
From: Fabiano Felix [mailto:felix@getnet.com.br]=20
Sent: gioved=EC 31 luglio 2003 16.38
To: modproxy-dev@apache.org

Hello All,

I'm having problems with "Open HTTP Proxy" Relay. Some spammers are
using my proxy to send messages with other mail servers (my proxy is
"trusted" for this mail servers). After tests, I concludes that the
method used for this is a connection by "http-post" (tested with
pxytest.pl (http://www.unicom.com/sw/pxytest)). If I block "http-post",
probably my proxy will not function. Someone has this problem? How to
solve this.
My proxy configuration (it's an Apache2):
"
<VirtualHost 10.1.144.3:80>
ServerName msexchange.xxxxxxx.com.br
UseCanonicalName On
ProxyVia On
ProxyRequests On
ProxyPass / http://10.2.144.4/
ProxyPassReverse / http://10.2.144.4/
ProxyPreserveHost On
ProxyPass /exchange/ http://10.2.144.4/exchange/
ProxyPassReverse /exchange/ http://10.2.144.4/exchange/
ProxyPass /exchweb/ http://10.2.144.4/exchweb/
ProxyPassReverse /exchweb/ http://10.2.144.4/exchweb/
</VirtualHost>
"

Regards,

Fabiano Felix

Report this message