How come I see requests for other sites appearing inside my log files?

How come I see requests for other sites appearing inside my log files?

That isn’t encouraged, since it is about certain not to ever offer the put protection you believe your getting

Machine: Bob’s grateful HTTPd Host to carry out this, you will want to customize the Apache provider code and reconstruct Apache. The actual method of carrying this out was kept as a workout for the viewer, once we are not thinking about working out for you take action that’s intrinsically an awful idea.

.142 – – [25/: -0700] “GET HTTP/1.0” 200 1456 issue is: the reason why did a request yahoo reach your own machine instead of Yahoo’s host? And just why do the responses has a status signal of 200 (achievement)?

This is usually the result of qeep harmful customers wanting to exploit open proxy servers to gain access to a web page without exposing their correct venue. If you find entries along these lines inside wood, one thing to manage is always has precisely configured their machine not to ever proxy for not known clients. Unless you need certainly to offer a proxy machine after all, you will want to simply ensure that the ProxyRequests directive just isn’t ready on. Should you must operated a proxy servers, then you certainly must be sure that you protected your servers properly so just authorized clients may use they.

In the event the machine is actually set up correctly, then the try to proxy during your server will do not succeed. If you see a status signal of 404 (document maybe not discover) in log, then you certainly know that the consult were unsuccessful. If you see a status signal of 200 (triumph), that does not suggest the attempt to proxy succeeded. RFC2616 area 5.1.2 mandates that Apache must accept needs with total URLs into the request-URI, actually for non-proxy desires. Since Apache has no option to know-all various names that your server es it does not know. As an alternative, it’ll serve desires for unidentified web sites in your area by stripping off of the hostname and making use of the standard server or virtual number. Therefore you’ll examine the dimensions of the file (1456 during the earlier instance) into sized the corresponding file inside default server. If they’re similar, then your proxy effort unsuccessful, since a document from your machine got delivered, not a document from yahoo.

If you wish to stop this particular demand totally, then you will want to allow Apache know what hostnames to simply accept and exactly what hostnames to reject. You will do this by configuring name-virtual hosts, where in fact the earliest detailed variety will be the default host that’ll get and deny not known hostnames. For instance:

Just how do I let CGI delivery in web directories other than the ScriptAlias?

Apache understands all data in a directory site known a ScriptAlias as being eligible for delivery rather than processing as regular paperwork. This can be applied no matter the document title, very scripts in a ScriptAlias index don’t need to feel called “*.cgi” or “*.pl” or whatever. This means, all records in a ScriptAlias directory include texts, so far as Apache is concerned.

To persuade Apache to perform texts in other places, such as for instance in web directories in which regular files could also living, you need to tell they how to recognize them – and in addition that it is fine to execute them. Because of this, you need to use something similar to the AddHandler directive.

In the right part of their host setup files, include a range eg AddHandler cgi-script .cgi The server will then notice that all documents where venue (as well as its sensible descendants) that end up in “.cgi” is script data, maybe not documents.

Leave a Reply