- mod_proxy and POST bug in Apache?
- Allen Kistler
August 12, 2009, 7:23 am
connect to them. As a user, you agree to that. That's not a problem
for me, but it pointed out something recently.
I run Apache 2.2.11 with mod_proxy. I only allow, or so I thought,
proxy connections from internal hosts. ProxyRequests is Off for my
virtual server that faces the Internet. Freenode checks for that.
When they scanned me, my Apache correctly responded 405 to their CONNECT
request for a non-local URL, but it happily responded 200 to their POST
request for a non-local URL. POST scanning from them is new within the
I've been unable to find any mention of this behavior of httpd on the
web, including apache.org and BugTraq, the two (I think) most obvious
places to check.
It seems logical to me that Freenode now does this scan because they
know something. But other than discovering I'm vulnerable to it, I
haven't been able to find anything about it.
It seems like an Apache bug to me. What does anybody know?
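A log check for the behaviour described in the post above, added here as an example and not part of the original post: it scans Apache access-log lines for request targets that name a non-local host (absolute-form URLs and CONNECT authority-form) and reports the status code returned for each. The `LOCAL_HOSTS` set, the function names and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: hostnames this virtual server legitimately answers for.
LOCAL_HOSTS = {"www.example.org", "example.org"}

# Common/combined log format prefix: client ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)(?: \S+)?" (\d{3}) ')

# Constructed sample lines (documentation IP ranges and example hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Aug/2009:07:01:02 +0000] "CONNECT irc.example.net:6667 HTTP/1.0" 405 312',
    '192.0.2.10 - - [12/Aug/2009:07:01:03 +0000] "POST http://irc.example.net:6667/ HTTP/1.0" 200 4521',
    '198.51.100.7 - - [12/Aug/2009:07:02:10 +0000] "GET /index.html HTTP/1.1" 200 4521',
    '198.51.100.7 - - [12/Aug/2009:07:02:11 +0000] "POST http://www.example.org/form HTTP/1.1" 200 87',
]

def target_host(method, target):
    """Return the host named in the request-target, or None for origin-form ("/path")."""
    if method == "CONNECT":
        return target.rsplit(":", 1)[0].lower()   # authority-form: host:port
    if "://" in target:
        return (urlsplit(target).hostname or "").lower()  # absolute-form URL
    return None

def non_local_requests(lines, local_hosts=LOCAL_HOSTS):
    """List (client, method, host, status, answered) for requests naming a non-local host.

    answered is True when the status is below 400. That only shows the server
    did not refuse the request; whether the response body came from the remote
    host has to be checked separately by comparing it with the local content.
    """
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, method, target, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        host = target_host(method, target)
        if host is not None and host not in local_hosts:
            findings.append((client, method, host, status, status < 400))
    return findings

if __name__ == "__main__":
    for finding in non_local_requests(SAMPLE_LOG):
        print(finding)
```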