Hi there,
I am trying to harden a virtual host against acting as a proxy relay.
However, running the command:
curl --proxy http://slovensko.ch:80 http://yahoo.com
does return Yahoo's site, so I assume that I failed.
Can anybody please point me to any mistake in the following configuration?
The site itself is generated using the zope/plone framework.
thanks
robert
#
# slovensko
# -------------------
#_robert_
<VirtualHost *:80>
DocumentRoot /var/www
ServerAdmin rob...@redcor.net
ServerName www.slovensko.ch
ServerAlias slovensko.ch
CustomLog /var/log/apache2/slovensko-access.log combined
ErrorLog /var/log/apache2/slovensko-error.log
LogLevel warn
ServerSignature On
Header set X-Frame-Options "SAMEORIGIN"
Header set Strict-Transport-Security "max-age=15768000; includeSubDomains"
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options "nosniff"
Header set Content-Security-Policy-Report-Only "default-src 'self'; img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval'"
ProxyVia On
# prevent your web server from being used as global HTTP proxy
<LocationMatch "^[^/]">
Deny from all
</LocationMatch>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
RewriteEngine On
RewriteRule "^proxy:[a-z]*://[^/]*:25(/|$)" "-" [F,NC,L]
# Normalize URLs by removing trailing /'s
RewriteRule /(.*)/$ http://127.0.0.1:9680/VirtualHostBase/http/www.slovensko.ch:80/slovensko/slovensko/VirtualHostRoot/$1 [L,P]
RewriteRule ^/(.*) http://127.0.0.1:9680/VirtualHostBase/http/www.slovensko.ch:80/slovensko/slovensko/VirtualHostRoot/$1 [L,P]
</VirtualHost>
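
An added example, not part of the original post and not Apache project code: a static check over httpd configuration text that reports the two ways such a virtual host can relay to client-chosen hosts, `ProxyRequests On` and a `RewriteRule ... [P]` whose target host is built from the request. The sample config is constructed with placeholder host names, and the function names and severity labels are this example's own.

```python
import re

# Constructed sample modelled on the posted vhost; host names are placeholders.
SAMPLE = """\
<VirtualHost *:80>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
RewriteEngine On
RewriteRule ^/(.*) http://127.0.0.1:9680/VirtualHostBase/http/www.example.test:80/site/VirtualHostRoot/$1 [L,P]
</VirtualHost>
"""

def tokens(line):
    # Split a directive on whitespace, keeping "quoted arguments" whole.
    return [q or w for q, w in re.findall(r'"([^"]*)"|(\S+)', line)]

def audit(conf):
    """Return (severity, message) findings about proxy exposure in httpd config text."""
    forward = open_acl = in_proxy_all = False  # ProxyRequests defaults to Off
    findings = []
    for raw in conf.splitlines():
        t = tokens(raw.strip())
        if not t or t[0].startswith("#"):
            continue
        name, args = t[0].lower(), [a.lower() for a in t[1:]]
        if name == "proxyrequests":
            forward = args[:1] == ["on"]
        elif name == "<proxy":
            in_proxy_all = args[:1] in (["*"], ["*>"])
        elif name == "</proxy>":
            in_proxy_all = False
        elif in_proxy_all and [name] + args in (["allow", "from", "all"], ["require", "all", "granted"]):
            open_acl = True  # the wildcard proxy ACL admits every client
        elif name == "rewriterule" and len(t) >= 4:
            flags = t[3].strip("[]").upper().split(",")
            if "P" in flags or "PROXY" in flags:
                # Host part of the substitution: fixed text, or built from the request?
                host = re.match(r"(?:[a-z]+://)?([^/]*)", t[2], re.I).group(1)
                if re.search(r"[$%]", host):
                    findings.append(("HIGH", f"[P] rule target host '{host}' is taken from the request"))
                else:
                    findings.append(("INFO", f"[P] rule relays only to fixed backend '{host}'"))
    if forward:
        findings.append(("HIGH" if open_acl else "MEDIUM", "ProxyRequests On: forward proxying is enabled"))
    else:
        findings.append(("INFO", "ProxyRequests Off (httpd default): httpd does not act as a forward proxy"))
    return findings
```

Only the directives named above are examined; `ProxyPass`, `Include`d files and per-directory overrides are outside what this check reads.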