-----Original Message-----
From: Ken Cole <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, May 03, 2001 9:55 PM
Subject: Apache Log Advice Please
>Hi All,
>
>I am sorry for asking this twice in two days but nobody answered last
>time and I am sure there is somebody out there who can help :)
>
>I have a standard RH5.2 server, standard apache 1.3.3
>The box is a gateway machine, NIC with 192.168.x.x address for lan and a
>ppp dial up with a real world address, 139.x.x.x
>Apache is configured to be a proxy server for the lan. Extensive
>firewall ruleset is in place using ipfwadm. IP forwarding/Masquerading
>is enabled.
>
>I found several entries in my apache log as follows:
>
>202.103.102.8 - - [03/May/2001:00:14:23 +1000] "GET
>http://www.homebookie.com/images/banners/homecasino.gif HTTP/1.0" 404
>298
>
I'm not an expert, but it does indeed look like someone is using your box to
proxy for them as well. Try blocking TCP connection packets from all but
your own private ip range. You might also want to review your firewall
ruleset, there must be a large gap in them to allow this. Good luck.
Jeff Hogg
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
