Bug 92204

Summary: apache requests redirectable when using mod_proxy
Product: [Retired] Red Hat Linux Reporter: Alexander Dalloz <alex>
Component: apacheAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED NOTABUG QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.2Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-06-04 07:31:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Alexander Dalloz 2003-06-03 20:21:36 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020623
Debian/1.0.0-0.woody.1

Description of problem:
I was running Apache as a proxy in front of Zope server with mod_proxy. Tonight
I mentioned tons of mails going from my sendmail on same server to the world.
After investigation - my mail host only accepts AUTHed mail connects and only
localhost is relayed as is - I checked all VHost on the machine. Finally I found
out the VHost which causes to react to the outside requests with initiating
outgoing mails. It is the proxy VHost for Zope. All directives are well there. I
decided to exchange the ProxyPass rules against Rewrite rules and all went fine.
The outside requests are still in the apache log. now going to Zope, but nothing
happens, especially no mails are produced any more.

Version-Release number of selected component (if applicable):
apache-1.3.27-1.7.2

How reproducible:
Always

Steps to Reproduce:
1. in Apache VHost settings for proxying: 
ProxyRequests on
ProxyVia on
ProxyPass / \
http://localhost:8080/VirtualHostBase/http/vhost1.domain.tld:80/zope/VirtualHostRoot/
ProxyPassReverse / \
http://localhost:8080/VirtualHostBase/http/vhost1.domain.tld:80/zope/VirtualHostRoot/

2.starting Apache and getting the requests
As example one cached reqest:
root $ cat /var/cache/httpd/V4/Se/yT/gJ_0yLFDT8Kpd2jw 
000000003EDCF007 0000000000000000 000000003EDCFE17 0000000000000001
000000003EDCF007 000000003EDCF007 0000000000000969
X-URL: http://81.2.131.42:25/
Content-length: 4608
Content-type: application/octet-stream
Host: 81.2.131.42

HTTP/1.1 200 OK
Date: Tue, 03 Jun 2003 18:59:19 GMT

500 5.5.1 Command unrecognized: "POST / HTTP/1.1"
500 5.5.1 Command unrecognized: "Host: 81.2.131.42:25"
500 5.5.1 Command unrecognized: "Content-length: 4608"
500 5.5.1 Command unrecognized: "Content-type: application/octet-stream"
Host: 81.2.131.42

HTTP/1.1 200 OK
Date: Tue, 03 Jun 2003 18:59:19 GMT

500 5.5.1 Command unrecognized: "POST / HTTP/1.1"
500 5.5.1 Command unrecognized: "Host: 81.2.131.42:25"
500 5.5.1 Command unrecognized: "Content-length: 4608"
500 5.5.1 Command unrecognized: "Content-type: application/octet-stream"
500 5.5.1 Command unrecognized: "Via: 1.1 zaurus.jirina.de"
500 5.5.1 Command unrecognized: "Connection: close"
500 5.5.1 Command unrecognized: ""
250 mail.dscd.de Hello lamercamp.net [81.2.131.42], pleased to meet you
250 2.1.0 <benzie@ordercafe.net>... Sender ok
250 2.1.5 <lagamy@aol.com>... Recipient ok
250 2.1.5 <buster8369@aol.com>... Recipient ok
250 2.1.5 <phmillot@aol.com>... Recipient ok
250 2.1.5 <stgimpy@aol.com>... Recipient ok
250 2.1.5 <brendon2410@aol.com>... Recipient ok
250 2.1.5 <richfowler2k1@aol.com>... Recipient ok
250 2.1.5 <jdjr987@aol.com>... Recipient ok
250 2.1.5 <cwhocares40@aol.com>... Recipient ok
250 2.1.5 <vsarrasri@aol.com>... Recipient ok
250 2.1.5 <ryeguy444@aol.com>... Recipient ok
354 Enter mail, end with "." on a line by itself
250 2.0.0 h53IxJHR027968 Message accepted for delivery
221 2.0.0 mail.dscd.de closing connection
250 mail.dscd.de Hello lamercamp.net [81.2.131.42], pleased to meet you
250 2.1.0 <benzie@ordercafe.net>... Sender ok
250 2.1.5 <lagamy@aol.com>... Recipient ok
250 2.1.5 <buster8369@aol.com>... Recipient ok
250 2.1.5 <phmillot@aol.com>... Recipient ok
250 2.1.5 <stgimpy@aol.com>... Recipient ok
250 2.1.5 <brendon2410@aol.com>... Recipient ok
250 2.1.5 <richfowler2k1@aol.com>... Recipient ok
250 2.1.5 <jdjr987@aol.com>... Recipient ok
250 2.1.5 <cwhocares40@aol.com>... Recipient ok
250 2.1.5 <vsarrasri@aol.com>... Recipient ok
250 2.1.5 <ryeguy444@aol.com>... Recipient ok
354 Enter mail, end with "." on a line by itself

3. on maillog you can see the relayed outgoing mails. I expect anything else is
possible than just using the host as a spam relay.
    

Actual Results:  To every outside request mails are going out.

Expected Results:  The request should be proxied to the Zope server where they
should be ignored as no valid HTTP requests.

Additional info:

Comment 1 Mark J. Cox 2003-06-04 07:31:42 UTC
This happens because you used "ProxyRequests on" which enables generic proxying
capability.  There is no need to use "ProxyRequests on" to be able to use
"ProxyPass".  See http://httpd.apache.org/docs/mod/mod_proxy.html#proxyrequests
for details.