Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Securing Apache Server at port 8080

 
Deep Nair
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi - I have a linux server configured with a major cloud service provider and I had installed a web app on Tomcat Server and also configured Apache as a proxy at port 8080 for my web site. Just yesterday when i logged into my cloud account, i found that the total bandwidth in and out is about 90GB though i had never used this much GB. When I inquired with the clould support folks they told me the below

It looks like you have port 8080 open as a http proxy Someone probably found that and has been using that.


What does this mean ? How can someone else use my apache server's port 8080 for their purpose ? How can i prevent this ? I have stopped my server at this point to avoid further misuse.

Please suggest.

Thanks, Deepna
 
Philip Thamaravelil
Ranch Hand
Posts: 99
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello Deep, Why are you using apache as a proxy?

A proxy can be used to tunnel network traffic through your server, which explaind the bandwidth problem.
You most likely have a basic insecure proxy server configured that is being connected to by anonymous users.


Cheers,
Philip
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18276
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Google for "Open Proxy".

Internet abusers will exploit an insufficiently-secure proxy server in a number of ways. One of them is to hide their origins while spamming. You can see this in the Apache access logs because there will be a lot of URLs for foreign domain names, usually ending with ":25", which is the Well Known Port ID of the SMTP mail protocol.
 
Deep Nair
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Philip - I used a proxy so that later on I can turn this proxy to a firewall proxy but in my initial setup - i did a mistake of not making it secure.
Tim- yes I need to check the logs in Apache, I understand the default path is

Thanks,
Deepna
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18276
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Look at access_log, instead. Unfortunately, if someone is successfully using you as a spam relay, it won't be an "error".
 
Deep Nair
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tim, I had configured my proxy as below i.e with ProxyRequests On which in one way makes my Apache Proxy as a Forward Proxy. Also I had an "Allow from all" so everyone had access to hit and use this as a "Forward Proxy"


Now to fix the issue - will the below two steps suffice i.e
-- Convert the Forward Proxy to Reverse Proxy i.e. by setting Proxy Requests to Off
-- Setup Allow from a particular url name
The code will look similar to below


Will this work to make the Server secured ?

Thanks,
Deepna
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic