strange access.log related to acpache proxy

Posted on

strange access.log related to acpache proxy – Problems with loading a website are often blamed on the Internet connection, but even the most perfectly set up network cannot help if there is no service to reply at your destination. One of the most popular HTTP servers used for this task is Apache2. Much of Apache’s popularity can be attributed to its easy installation and use, but never the less it is possible to run into problems with even the easiest of the software. If you’ve encountered an issue loading your web page, follow these simple troubleshooting methods outlined in this guide to attempt to get your web server back up and working again. Below are some tips in manage your apache2 server when you find problem about apache-2.2, apache-2.4, log-files, mod-proxy, .

It might be simple but i can’t understand the meaning of this line

171.13.14.46 – – [06/Apr/2019:12:24:44 +0000] “CONNECT 133.130.126.119:43 HTTP/1.1” 302 406 “-” “RPS/HTTP PROXY”

is it something to worry about because i have mod_proxy active and mod_proxy_fcgi and how to avoid this in case it’s bad like with fail2ban or something.
note that i can’t disable mod_proxy and mod_proxy_fcgi because it’s related to some http2 needed to be work, Thanks

It means the HTTP client from IP address 171.13.14.46 used your Apache server configured as a proxy to connect to a server at IP address 133.130.126.119 but over port 43 which is not normal HTTP port, but the one for whois.

If you do not want your proxy used by everyone (as a proxy is normally reserved for some local traffic, but this has not to be misunderstood by a reverse proxy which on the contrary is open to the public), then you need to configure Apache to restrict its use, based on the client IP or other identifier.

Have a look at http://httpd.apache.org/docs/2.4/mod/mod_proxy.html:

You can control who can access your proxy via the control
block as in the following example:

<Proxy "*">
     Require ip 192.168.0
</Proxy>

For more information on access control directives, see mod_authz_host.

Strictly limiting access is essential if you are using a forward proxy
(using the ProxyRequests directive). Otherwise, your server can be
used by any client to access arbitrary hosts while hiding his or her
true identity. This is dangerous both for your network and for the
Internet at large. When using a reverse proxy (using the ProxyPass
directive with ProxyRequests Off), access control is less critical
because clients can only contact the hosts that you have specifically
configured.

Leave a Reply

Your email address will not be published.