[Triumf-linux-managers] FYI - access control issues in Apache 2.2 -> 2.4
Andrew Daviel
advax at triumf.ca
Wed May 8 15:17:09 PDT 2019
A gotcha in Apache configuration -
I just had a complaint from Sony, which after investigation boiled down
to this:
In Apache 2.2, you would write

    <Proxy *>
        Order deny,allow
        Deny from all
        Allow from xxx.triumf.ca
    </Proxy>

In Apache 2.4, you write

    <Proxy "*">
        Require host xxx.triumf.ca
    </Proxy>

Upgrading from CentOS 5 to 7 pushed Apache to 2.4.
The old 2.2 syntax doesn't stop httpd starting, but it doesn't do
anything, either. The system became an open web proxy.
(All those "GET http://..." and "CONNECT xxxx..." in access_log, if they
get 200 status instead of 403. I guess people are constantly probing for
open proxies)
--
Andrew Daviel
Tel. +1 604 222 7376 (Pacific Time)
Network Security Manager
TRIUMF - Canada's particle accelerator centre
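
One way to run the access_log check described in the message above, as an added example that is not part of the original post: it flags proxy-style requests ("GET http://..." or "CONNECT ...") that were answered with a 2xx status instead of 403. The Apache common/combined log format, the `own_hosts` parameter and the sample lines are assumptions; www.example.org stands in for the server's own name.

```python
import re

# Apache common/combined log: host ident user [time] "METHOD target proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')
ABS_URI_RE = re.compile(r"(?i)https?://([^/:?#]+)")

def classify(line, own_hosts=()):
    """Return (client, method, target, verdict) for a forward-proxy style
    request, or None for ordinary or unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, method, target, status = m[1], m[2], m[3], int(m[4])
    if method != "CONNECT":  # CONNECT host:port is always a tunnel request
        uri = ABS_URI_RE.match(target)
        if not uri:
            return None  # origin-form request such as "GET /index.html"
        # An absolute URI naming this server itself is valid HTTP/1.1, not proxying
        if uri[1].lower() in own_hosts:
            return None
    if status == 403:
        verdict = "denied"
    elif 200 <= status < 300:
        verdict = "SERVED"
    else:
        verdict = "other"
    return client, method, target, verdict

def served_proxy_requests(lines, own_hosts=()):
    """Proxy-style requests the server answered with 2xx: open-proxy evidence."""
    hits = (classify(line, own_hosts) for line in lines)
    return [h for h in hits if h and h[3] == "SERVED"]

# Constructed sample lines (documentation addresses and names, not real traffic)
SAMPLE = [
    '192.0.2.10 - - [08/May/2019:10:01:00 -0700] "GET http://example.com/ HTTP/1.1" 200 1270',
    '198.51.100.7 - - [08/May/2019:10:02:11 -0700] "CONNECT mail.example.net:25 HTTP/1.1" 200 -',
    '192.0.2.10 - - [08/May/2019:10:03:40 -0700] "GET http://example.com/ HTTP/1.1" 403 199',
    '203.0.113.5 - - [08/May/2019:10:04:02 -0700] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.5 - - [08/May/2019:10:04:09 -0700] "GET http://www.example.org/index.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for hit in served_proxy_requests(SAMPLE, own_hosts={"www.example.org"}):
        print(*hit)
```

Any line this prints means the server relayed a request for a third party; after a correct 2.4 `Require` rule is in place, the same probes should show up only with the "denied" verdict.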