1. 首页
  2. 问答
  3. Apache被入侵了吗?没有协议处理程序是有效的网址yandex.ru

Apache被入侵了吗?没有协议处理程序是有效的网址yandex.ru

2017-02-17 93 views
-1

我最近收到来自亚马逊(AWS)的滥用报告,说我的服务器试图登录论坛等。当我看到我的错误日志,我的线,线:Apache被入侵了吗?没有协议处理程序是有效的网址yandex.ru

[proxy:warn] [pid 2916:tid 1668] [client 82.117.234.134:6152] AH01144: No protocol handler was valid for the URL yandex.ru:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule. 
[proxy:warn] [pid 2916:tid 1668] [client 120.132.54.62:58004] AH01144: No protocol handler was valid for the URL www.baidu.com:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule. 
[proxy:warn] [pid 2916:tid 1672] [client 188.173.26.212:52049] AH01144: No protocol handler was valid for the URL l9bjkkhaycw6f8f4.soundcloud.com:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule. 
[proxy:warn] [pid 2916:tid 1668] [client 104.199.176.143:56048] AH01144: No protocol handler was valid for the URL www.amazon.com:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule. 
[proxy:warn] [pid 2916:tid 1744] [client 119.97.174.200:3700] AH01144: No protocol handler was valid for the URL zhifu.99.com:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule. 
[proxy:warn] [pid 2916:tid 1712] [client 113.189.16.238:60122] AH01144: No protocol handler was valid for the URL s.youtube.com:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.

我的httpd-vhosts.conf配置有:

<VirtualHost *:80> 
    ServerName demo.mysite.com 
    DocumentRoot "D:/sites/mysite/www/" 
    <Directory "D:/sites/mysite/www/"> 
     AllowOverride All 
     Require all granted 
    </Directory> 
    ProxyPreserveHost On 
    ProxyPass "/data" "http://localhost:8080/data/" 
    ProxyPassReverse "/data" "http://localhost:8080/data/" 
    Header set Access-Control-Allow-Origin "*" 
    ErrorLog "logs/demo.mysite.com-error.log" 
    CustomLog "logs/demo.mysite.com-access.log" common 
</VirtualHost>

启动服务器哪怕只是一分钟的创建关于300 +上述日志的行。这导致我几个问题:

  1. 我的服务器可能是错误配置或感染的东西?
  2. 我应该在哪里找出它是如何得到的?

UPDATE /编辑: 事实证明,我有ProxyRequests On因为一个教程说,我必须有它的反向代理工作。它现在被关闭(ProxyRequests Off),一切都很好。感谢Configuring mod_proxy for Apache to reject wrong domain requests

来源

2017-02-17 jrose

回答

0

请确保您不会混淆正向和反向代理。 ProxyRequests On适用于正向代理。如果您之后没有正确配置它,那么您的服务器就是全球的开放代理。这是什么导致所有日志都是使用您的(现在)代理服务器访问互联网的每个人。

对于反向代理,请确保您有ProxyRequests Off,然后按照其他配置添加ProxyPassProxyPassReverse

感谢Configuring mod_proxy for Apache to reject wrong domain requests,指出有可能在意外情况下将您的Apache服务器变成开放式代理服务器。

来源

2017-02-17 04:00:27 jrose

相关问题

 相关问题