www.talios.com

mod_proxy considered harmfull

I got an email the other day from my mum saying "havn't had any email for awhile, any problems?" and my first thought was that she was just doing the concerned mom thing, so I replied saying I'd just been really busy with work. No response..... then today I got another email "we're still not getting ANY email" - mmm, that sounds more like a problem.

A quick look at my postfix logs showed that yes, mail to mums ISP wasn't being delivered, the ISP was just silently dropping connections from my IP. Other machines on the network were fine... mmmmm. A quick check online found that out of 120 blocklists, I appeared on 1.

Following up the Distributed sender black list I see I was submitted/entered last week for HTTP POST/GET relaying.

Awhile ago I'd been playing with mod_proxy on my webserver, and ended up removing the references to the proxy in the vhosts, but leaving mod_proxy enabled. Without any config, it seems ANYTHING is proxied.

The Apache security list has a post on working around this.

Comments (0)