Security – mod_proxy — should I be nervous

apache-2.2 mod-proxy security

To the best of my knowledge, I have all the mod_proxy stuff disabled on my Apache production server. What's a reasonable way to test or confirm that? Looking at my httpd.conf I can tell you that any line that has "proxy" in it is commented, for what that's worth.

Reason I ask is that I saw this stuff in my logwatch report this morning:

 Connection attempts using mod_proxy:
   81.88.124.30 -> 64.12.202.116:443: 1 Time(s)
   81.88.124.30 -> 64.12.202.15:443: 1 Time(s)
   81.88.124.30 -> 64.12.202.1:443: 1 Time(s)
   81.88.124.30 -> 64.12.202.22:443: 1 Time(s)
   81.88.124.30 -> 64.12.202.29:443: 1 Time(s)
   81.88.124.30 -> 64.12.202.36:443: 1 Time(s)
   81.88.124.30 -> 64.12.202.43:443: 1 Time(s)
   81.88.124.30 -> 64.12.202.50:443: 1 Time(s)
   81.88.124.30 -> 64.12.202.8:443: 1 Time(s)

 Requests with error response codes
   403 Forbidden
      64.12.202.116:443: 1 Time(s)
      64.12.202.15:443: 1 Time(s)
      64.12.202.1:443: 1 Time(s)
      64.12.202.22:443: 1 Time(s)
      64.12.202.29:443: 1 Time(s)
      64.12.202.36:443: 1 Time(s)
      64.12.202.43:443: 1 Time(s)
      64.12.202.50:443: 1 Time(s)
      64.12.202.8:443: 1 Time(s)

Not something that's normally in my reports. So it looks like he got 403'd on the attempts, which I guess is good. But what made him feel it was worth a try?

Best Answer

Maybe he/she/it was trying to figure out if it was worth a try. It costs them nothing to just send a proxy request to a server and see if it works, so usually they send out these requests indiscriminately.

FYI one surefire way to make sure mod_proxy is disabled is to make sure the line

LoadModule proxy_module mod_proxy.so

is commented out. It should only occur in the configuration files once, but it wouldn't hurt to grep for it to make sure. Also, you can run

apache2ctl -M

(or perhaps some equivalent for your system; on mine it's /etc/init.d/apache2 modules) to list the loaded modules and verify that the proxy module is not in the list.
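
The checks from the answer, plus a log check for the attempts in the question, as an added example that is not part of the original answer. The function names and sample data are constructed. It assumes the access log is in combined format and that the logwatch "Connection attempts using mod_proxy" entries correspond to CONNECT requests.

```shell
#!/bin/sh
# Added example (not from the original answer); all sample data is constructed.

# Active (uncommented) LoadModule lines naming any proxy module under a config
# tree. Apache directive names are case-insensitive and may be indented.
active_proxy_loadmodules() {
    grep -rniE '^[[:space:]]*LoadModule[[:space:]]+proxy[a-z0-9_]*_module' "$1" \
        || [ "$?" -eq 1 ]    # "no match" is a clean result, not an error
}

# Filter `apache2ctl -M` output (read from stdin) down to loaded proxy modules.
loaded_proxy_modules() {
    grep -iE '^[[:space:]]*proxy[a-z0-9_]*_module' || [ "$?" -eq 1 ]
}

# List CONNECT requests in a combined-format access log with the status the
# server returned. A 2xx status means a tunnel was actually opened.
connect_attempts() {
    awk -F'"' '{ split($1, pre, " "); split($2, req, " "); split($3, post, " ") }
        req[1] == "CONNECT" {
            verdict = (post[1] ~ /^2/) ? "TUNNELLED" : "refused"
            print verdict, post[1], pre[1], "->", req[2]
        }' "$1"
}

# --- demo on constructed input ---
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/httpd.conf" <<'EOF'
#LoadModule proxy_module modules/mod_proxy.so
  loadmodule proxy_connect_module modules/mod_proxy_connect.so
LoadModule rewrite_module modules/mod_rewrite.so
EOF
cat > "$demo/access.log" <<'EOF'
192.0.2.10 - - [01/Jan/2024:06:25:01 +0000] "CONNECT 198.51.100.7:443 HTTP/1.0" 403 202 "-" "-"
192.0.2.10 - - [01/Jan/2024:06:25:02 +0000] "CONNECT 198.51.100.8:443 HTTP/1.0" 200 0 "-" "-"
192.0.2.11 - - [01/Jan/2024:06:25:03 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"
EOF
echo "== active LoadModule lines =="; active_proxy_loadmodules "$demo"
echo "== loaded proxy modules =="
printf ' core_module (static)\n proxy_module (shared)\n' | loaded_proxy_modules
echo "== CONNECT attempts =="; connect_attempts "$demo/access.log"
```

On a live host, point the first function at the server's configuration directory and pipe the output of `apache2ctl -M` into the second; all three should print nothing, or only "refused" lines for the log check.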