From: Richard DeShong (rdeshong@uclink.berkeley.edu)
Date: Mon Aug 18 2003 - 17:13:33 PDT
I do not know what's going on, but I wanted to take this opportunity to
mention a security issue I found with web proxies (UC network security
already knows about this). A few years ago I installed WebStar. The
default config is to turn on the Proxy server with no limitations. About
1.5 yrs later, performance dipped, and on investigation I found that my
proxy server was being used to serve all kinds of info. From this, I've
come up with the following rule:
If you do not have any local users that are config'd to use your proxy (for
performance or management reasons), then turn it off. Otherwise, make sure
to limit access to only your local users.
Maybe someone from CNS or similar has a more complete set of recommendation
for proxy servers.
-- Richard DeShong, Programmer / Analyst Athletic Study Center, U.C.Berkeley 169 Chavez Student Center, Berkeley, CA 94720, USA (v)510-642-5123, (f)510-643-8545, http://asc.berkeley.edu -----Original Message----- From: owner-magnet-list@uclink4.berkeley.edu [mailto:owner-magnet-list@uclink4.berkeley.edu]On Behalf Of Paul B. Glaser (by way of MAGNet mailing list administrator) Sent: Monday, August 18, 2003 4:38 PM To: magnet-list@uclink4.berkeley.edu Subject: [MAGNet] Apache Weblogs on OS X I have been using the built-in Apache implementation in OS X to serve up photos and a few pages for my friends. I tail -xf my /var/log/access_log frequently. I get my fair share of junk requests that usually get bounced with a 404. Lately, however, i've been seeing log entries like this: 218.95.131.87 - - [17/Aug/2003:07:47:12 -0700] "GET http://www.google.com/ HTTP/1.1" 200 1456 I'm a little confused as to what this means. I'm certainly not google, nor am I serving up any pages that look like this. Nonetheless, these requests get code 200. Is someone using my box as a proxy or something? What's going on here? http://graymatter.cchem.berkeley.edu/~pglaser PG ------------------------------------------------------------------------ The following was automatically added to this message by the list server: For information about MAGNet, its meetings and events, and its mailing list, including information on subscribing and unsubscribing, see the MAGNet Web site at <http://magnet.berkeley.edu/>. ------------------------------------------------------------------------ The following was automatically added to this message by the list server: For information about MAGNet, its meetings and events, and its mailing list, including information on subscribing and unsubscribing, see the MAGNet Web site at <http://magnet.berkeley.edu/>.
This archive was generated by hypermail 2.1.5 : Mon Aug 18 2003 - 17:17:55 PDT