I am currently receiving lots of spam hits which are captured by my apache server and responded 404, e.g.
23.19.31.54 - - [06/Nov/2012:11:54:28 +0000] "GET http://ad.adserverplus.com/st?ad_type=iframe&ad_size=728x90§ion=2687744&pub_url=${PUB_URL} HTTP/1.0" 404 1367 "http://wealthterritory.com/index.php?view=article&catid=41%3Aservices&id=4812%3A2011-07-06-13-26-55&format=pdf&option=com_content&Itemid=97" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
However this is resulting in lot of bandwidth usage. I am wondering if I can allow requests for only particular domains for e.g. if request comes for abcd.com then only allow the request.
P.S: I also tried blocking the IPs in iptables but it doesn't work since requests start coming from other IPs.
Please advice.
Thanks!
Since no one has answered, and I found the solution long back (forgot to answer here), I would post the solution as well. The solution was to switch off the proxy for everyone else and allow access only to the site.
<VirtualHost *:80>
ServerName deny.all
<Location />
Order allow,deny
Deny from all
</Location>
</VirtualHost>
<VirtualHost *:80>
ServerName www.myserver.com
ServerAlias www.myserver.com myserver.com ec2-XX-XXX-XX-XXX.compute-1.amazonaws.com
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
This resulted in 403 to all the spam requests, which is shown as follows in apache logs -
173.208.94.246 - - [07/Nov/2012:11:47:47 +0000] "GET http://ad.scanmedios.com/st?ad_type=iframe&ad_size=300x250§ion=3522632 HTTP/1.0" 403 287 "http://piecehealth.com/index.php?option=com_content&view=article&id=5935:2012-01-07-16-34-29&catid=40:health-fitness&Itemid=96" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/10.04 Chromium/14.0.804.0 Chrome/14.0.804.0 Safari/535.1"
Related
i need help for a problem.
Before someone complain. I have post the same question in another forum but i didn't get any useful help there.
https://community.oracle.com/tech/developers/discussion/4497783
I have seen there are a lot of things if i search by google but i am a total newbie so i hope that someone could help me.
I have a dedicated Server with apex running. I have point a domain to my apex application, so far , so good.
Now i have the url like following www.mydomain.com/apex/workspace_name/r/application
What i want to do is, that the user don't see the part "/apex/workspace_name/r" when he is working with the application.
Is there a relative easy way to do that? Something like .htaccess?
Many thanks and regards,
Andreas
Using an Apache HTTPD web server to reverse proxy your APEX connections, you can use the ProxyPass and ProxyPassReverse directives of the mod_proxy module to alter URL paths that the user sees:
ProxyPass /r /apex/workspace_name/r
ProxyPassReverse /r /apex/workspace_name/r
See the Apache documentation for more details: https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
In my case, I used the mod_proxy_ajp module to communicate with the cluster of Tomcat application servers running ORDS, as follows:
#######################################################
#
# APEX Virtual Host
#
#######################################################
<VirtualHost 192.168.1.101:443>
# General setup for the virtual host
DocumentRoot "/var/www/html"
ServerName apps.mydomain.com
ServerAdmin root#localhost
ErrorLog "/etc/httpd/logs/apex.ssl_error.log"
# Redirect root URL to a default application
RedirectMatch ^/$ /ords/f?p=200
... other directives here ...
<IfModule mod_proxy_ajp.c>
ProxyRequests Off
ProxyPreserveHost On
<Proxy balancer://ords_balancer>
BalancerMember ajp://appserver1:8009 route=server1
BalancerMember ajp://appserver2:8009 route=server2
</Proxy>
# Redirect /ords to the load balancer
ProxyPass /ords balancer://ords_balancer/ords stickysession=JSESSIONID|jsessionid
ProxyPassReverse /ords balancer://ords_balancer/ords
ProxyPassReverseCookiePath /ords /
# Redirect /i to the load balancer
ProxyPass /i balancer://ords_balancer/i stickysession=JSESSIONID|jsessionid
ProxyPassReverse /i balancer://ords_balancer/i
<Proxy *>
Order deny,allow
Deny from none
Allow from localhost
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
</Location>
</IfModule>
</VirtualHost>
I am using a Spring Boot fat jar for serving backend and static files. I need to let it run behind an apache2. But I am getting the malicious string errors for "//" from the firewall:
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String "//"
at org.springframework.security.web.firewall.StrictHttpFirewall.rejectedBlacklistedUrls(StrictHttpFirewall.java:369) ~[spring-security-web-5.2.1.RELEASE.jar!/:5.2.1.RELEASE]
at org.springframework.security.web.firewall.StrictHttpFirewall.getFirewalledRequest(StrictHttpFirewall.java:336) ~[spring-security-web-5.2.1.RELEASE.jar!/:5.2.1.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:194) ~[spring-security-web-5.2.1.RELEASE.jar!/:5.2.1.RELEASE]
...
My application properties are:
server:
port: 9001
address: 127.0.0.1
forward-headers-strategy: framework
And my apache2 virtual host is:
<VirtualHost *:80>
ServerName XXX
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Port 443
ProxyPass / http://localhost:9001/
ProxyPassReverse / http://localhost:9001/
RewriteEngine on
RewriteCond %{SERVER_NAME} =XXX
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Where "XXX" is the servername.
What am I missing here? I don't really want to reconfigure the firewall because I think there must be a solution without changing it.
To answer my question: I forgot to change the ssl confgiuration with:
<VirtualHost *:443>
...
</VirtualHost>
So if you have the same problem it may be the missing changes in the right config.
I'm stuck with my Apache-config and appreciate any help on this.
The config is like this:
The Apache redirects all http traffic to https
It proxies requests like https://domain.tld/app1 to http://domain.tld:9000/app1 (play apps are running at app-context /app*/...)
This works very well with the following Apache-config:
<VirtualHost *:80>
ServerName domain.tld
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Redirect permanent / https://domain.tld/
Redirect permanent / https://domain.tld/
</VirtualHost>
<VirtualHost _default_:443>
#ssl-config here
<Proxy http://localhost:9000/*>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /app1 http://domain.tld:9000/app1
ProxyPassReverse /app1 http://domain.tld:9000/app1
ProxyPassReverse /app1 http://domain.tld/app1
</VirtualHost>
The problem ist, that one play-application got a WebSocket added. Which isn't working with the above setup. So I read the stuff on the play-pages. Which led me to install mod_proxy_wstunnel. I also add the following lines to the config, but had no success with that:
ProxyPass /app1/timerWs ws://domain.tld:9000/app1/timerWs
ProxyPassReverse /app1/timerWs ws://domain.tld:9000/app1/timerWs
When I'm trying to connect to https://domain.tld/rlc/timerWs I got an 500 Internal Server Error, but there are no new, more specific errors in the apache error log.
How can I configure Apache to proxy WebSocket requests properly to my play applications?
My play-apps do not have https-adapters. All the https stuff is done by the Apache-proxy.
Play-apps are on version 2.5.
Apache is on 2.4.7.
Thanks a lot for your help.
Tobias
I have solved the issue now. What did the trick was to set-up https not only on the Apache, but also on Plays application server Jetty. To do so see this link. This leads to another ProxyPass address (notice the wss instead of ws):
ProxyPass /app1/timerWs wss://domain.tld:9000/app1/timerWs
ProxyPassReverse /app1/timerWs wss://domain.tld:9000/app1/timerWs
I also had to change the WebSocket address in my Javascript, to let the Browser know, where to find the WebSocket-Backend.
$(function() {
var WS = window['MozWebSocket'] ? MozWebSocket : WebSocket
var dateSocket = new WS("wss://domain.tld/rlc/timerWs")
var receiveEvent = function(event) {
$("#timer").html(event.data);
}
dateSocket.onmessage = receiveEvent
});
Before that I used a Play-route #routes.Application.timerWs().webSocketURL(request) to address the WebSocket.
I'm trying to set up a proxy to our existing site under a different URL. I use mod_proxy to make http://z-m-s.co.uk appear to be http://dev1.zaomengshe.com.
Problem is when we come to redirect to a payment gateway. The redirect header is also changing mapi.alipay.com to z-m-s.co.uk.
I didn't even realise mod_proxy would change headers like that, and I don't understand why it would modify headers outside either of our domains.
Can someone explain how to turn off modification of headers? We don't have any internal redirects so it's OK to turn it off completely, although better would be to have it modify internal redirects while leaving external redirects intact.
Here's my configuration:
<VirtualHost *:80>
ServerName z-m-s.co.uk
ProxyRequests off
ProxyPass / http://dev1.zaomengshe.com/
<Location />
ProxyPassReverse /
ProxyHTMLEnable On
RequestHeader unset Accept-Encoding
</Location>
Substitute "s|dev1.zaomengshe.com|z-m-s.co.uk|iq"
SetOutputFilter SUBSTITUTE
LogLevel debug
CacheEnable disk /
CacheRoot "/var/cache/mod_proxy"
CacheDirLevels 3
CacheDirLength 5
CacheIgnoreCacheControl On
CacheMaxFileSize 100000000
CacheIgnoreNoLastMod On
CacheMaxExpire 1209600
CacheIgnoreQueryString On
</VirtualHost>
Turns out that I just didn't know what ProxyPassReverse does. It's exactly responsible for modifying redirects. So just removing that line did the trick.
iv'e been looking through and am trying to find a solution to force HTTPS on apache-reverse-proxy behind AWS ELB without success.
my sites-enabled config file looks like this.
<VirtualHost *:80>
ServerAlias *.domain.net
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} http
RewriteRule https:// %{SERVER_NAME}%{REQUEST_URI} [R=301,L]
ProxyPass / http://{10.10.10.21}/
ProxyPassReverse / http://{10.10.10.21}/
</VirtualHost>
however i never get any redirect back to the browser when i hit the server on port 80. the proxypass and reverse are kicking in, but not the redirect.
i see that by enabling rewrite-trace level 8 as follows:
ive been on this for too long now....
any help will be greatly appreciated!