
Is there a curl command that will validate if a server is acting as an open proxy?

I've tried

curl --proxy http://<my server>:80 http://yahoo.com

But the response from apache is:

Description: Could not process this "GET" request.
Will
  • That should do it. That response means it's not acting as a proxy, on that port anyway. Had it been, you should have received Yahoo's page (or proxy authentication, or some other proxy response). – squillman Apr 15 '14 at 17:51
  • You should also try proxying to an https site, http/https are implemented differently. The apache proxies I've used don't work like this btw, the remote (proxied) server is specified in a config somewhere. It's like for when you want a page from a random server to appear on your main site or something. – Some Linux Nerd Jun 23 '16 at 01:28
  • curl --proxy http://:80 https://mail.google.com #<--- https – Some Linux Nerd Jun 23 '16 at 01:30
  • Aside from the tests suggested above you can just check your configuration. To configure Apache as a forward proxy requires "ProxyRequests On" (it defaults to off). It can only be enabled at the global (Server) or virtual host level, so you don't need to search htaccess files. – Unbeliever Sep 27 '16 at 10:55

2 Answers

The simple answer is this: if you have ProxyRequests On (defaults to off) somewhere in your configuration, then you might be running an open proxy; if you do not, then you are not, at least from the Apache configuration side of things.

If you are still getting 200 OK entries in your access log for requests that look like forward proxy requests, it is probably because you have catchall rewrites that map any request to a controller no matter what it looks like. You could probably add conditions to prevent this if you are worried.

Unbeliever
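The configuration check described in the answer above can be scripted. This is an added example, not part of the original answer or of Apache's own tooling: the function names and the sample configuration are constructed, it assumes the last ProxyRequests line in a scope is the one that takes effect, and it does not follow Include lines (pass included files as extra arguments).

```shell
#!/bin/sh
# Added example: list each scope whose effective ProxyRequests setting is On.
# Usage: find_forward_proxy FILE...   (pass httpd.conf plus any included files)
find_forward_proxy() {
    awk '
    BEGIN { scope = "server config" }
    { line = $0; sub(/^[ \t]+/, "", line) }       # directives may be indented
    line == "" || line ~ /^#/ { next }            # skip blanks and comments
    { low = tolower(line) }                       # directive names are case-insensitive
    low ~ /^<virtualhost[ \t>]/ {                 # entering a virtual host
        scope = line; sub(/>.*$/, ">", scope)
        scope = scope " at " FILENAME ":" FNR
        next
    }
    low ~ /^<\/virtualhost>/ { scope = "server config"; next }
    low ~ /^proxyrequests[ \t]/ {                 # assumption: last setting in a scope wins
        split(low, f, /[ \t]+/)
        if (!(scope in state)) order[++n] = scope
        state[scope] = f[2]; where[scope] = FILENAME ":" FNR
    }
    END {
        for (i = 1; i <= n; i++)
            if (state[order[i]] == "on")
                print where[order[i]] ": ProxyRequests On in " order[i]
    }' "$@"
}

# Constructed sample configuration (not from a real server).
sample_conf() {
    cat <<'EOF'
# ProxyRequests On        (commented out, so ignored)
ProxyRequests On
ProxyRequests Off
<VirtualHost *:80>
    ServerName www.example.com
    proxyrequests on
</VirtualHost>
<VirtualHost *:8080>
    ServerName app.example.com
    ProxyPass / http://127.0.0.1:9000/
</VirtualHost>
EOF
}

# Demo: only the *:80 virtual host is reported; the server scope ends up Off.
tmp=$(mktemp) && sample_conf > "$tmp" && find_forward_proxy "$tmp"; rm -f "$tmp"
```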

You may verify it by using Telnet:

telnet yoursite.example.com 80
GET http://www.yahoo.com/ HTTP/1.1
Host: www.yahoo.com

Source: https://wiki.apache.org/httpd/ProxyAbuse