mod_proxy security

Posted by brad on Server Fault See other posts from Server Fault or by brad
Published on 2009-10-17T15:08:40Z Indexed on 2010/04/04 1:03 UTC
Read the original article Hit count: 550

Filed under:

mod-proxy

|

apache2

|

security

I'm on Debian Lenny using apache2. in my proxy.conf I tried adding

Allow from localhost

as suggested in some other forums to get proxying to work. Didn't work. It only worked if I say

Allow from all

My question is this. Are there any security implications to this Allow from all directive? Most people were saying to make this as limited as possible, but "all" is the client right? I want anyone regardless of their IP to be forwarded properly. Is there a better way to configure this?

© Server Fault or respective owner

Related posts about mod-proxy

How can I enable logging for requests going through mod proxy

as seen on Server Fault - Search for 'Server Fault'
Is there a way to log requests going through mod proxy? I need a way to debug my configuration, because I don't seem to be getting where I should be. I need the following information: headers of incoming requests what is being sent to the proxy target Maybe a related question: is there a way to… >>> More
Using modproxy to get around China's Great Firewall

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I'm using WIX service and I like it very much. However, one big problem is that some of my colleagues are in China but their IP is blocked. I'm wondering if modproxy can help me. I would like to setup a clean server (not blocked by the stupid Chinese government). Pointed the DNS cname to it… >>> More
Apache internal test servers

as seen on Server Fault - Search for 'Server Fault'
I want to build a test system in the office. On one box I will install XAMPP. I will put a website that I want to test on that box. Now I do not want it connected to the Internet. So my plan is to use a reverse proxy to resolve things like ads and other external links. So I am thinking of using mod_proxy… >>> More
502: proxy: pass request body failed

as seen on Server Fault - Search for 'Server Fault'
Sometimes I get the following error (in apache's error.log) when viewing my site over https: (502)Unknown error 502: proxy: pass request body failed to xxx.xxx.xxx.xxx:443 I'm not entirely sure what this is and why it happens, it's also not consistent. The request route is: Browser Proxy server… >>> More
Apache load balancer limits with Tomcat over AJP

as seen on Server Fault - Search for 'Server Fault'
Hi All, I have Apache acting as a load balancer in front of 3 Tomcat servers. Occasionally, Apache returns 503 responses, which I would like to remove completely. All 4 servers are not under significant load in terms of CPU, memory, or disk, so I am a little unsure what is reaching it's limits or… >>> More

Related posts about apache2

apache2: Could not open configuration file /etc/apache2/apache2.conf: Permission denied

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I recently upgraded Ubuntu to the latest LTS edition on my work laptop, which I use as a LAMP development platform. The upgrade was from 12.4 to 14.4. Now I'm having trouble getting apache up and running again. Here is the output from an attempt: antonc@antonc-laptop:/etc/apache2$ sudo service apache2… >>> More
Apache segfault glibc segfault

as seen on Server Fault - Search for 'Server Fault'
I keep getting (about every 5-6 hours) this segfault in apache: [Tue Jun 26 12:43:10 2012] [notice] child pid 26810 exit signal Aborted (6) *** glibc detected *** /usr/sbin/apache2: free(): invalid pointer: 0xb68c2628 *** ======= Backtrace: ========= /lib/i386-linux-gnu/libc.so.6(+0x6ff22)[0xb75aef22] /lib/i386-linux-gnu/libc… >>> More
Localhost not working after installing PHP on Mountain Lion

as seen on Server Fault - Search for 'Server Fault'
I've installed php using brew install php54 --with-mysql, I've set up all the path correctly. which php will give me /usr/local/bin/php php -v will give me PHP 5.4.8 (cli) (built: Nov 20 2012 09:29:31) php --ini will give me: Configuration File (php.ini) Path: /usr/local/etc/php/5.4 Loaded Configuration… >>> More
Apache 2 Virtual Hosts no working on OSX 10.6

as seen on Server Fault - Search for 'Server Fault'
This is my first MacBook and I'm trying to get virtual hosts up and running so as it's going to be my dev machine. I've got apache/php/mysql running fine, the problem is that what ever address I go to I just get one of the virtual hosts I've setup. I can't even get to the root site anymore. I had… >>> More
apache2 error Could not open configuration file /etc/apache2/conf.d/: No such file or directory

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have just upgraded my Ubuntu 13.10 and apache2 is not working. When I try to start the apache2 server it is printing following errors: * Starting web server apache2 * The apache2 configtest failed. Output of config test was: apache2: Syntax error on line 263 of /etc/apache2/apache2.conf: Could… >>> More