• Dear Pleskians! The Plesk Forum will be undergoing scheduled maintenance on Monday, 7th of July, at 9:00 AM UTC. The expected maintenance window is 2 hours.
    Thank you in advance for your patience and understanding on the matter.

Referer spam vs mod_security

So now that you have modsecurity working, this seems to confirm Apache was configured as a proxy. Now you should see alot of those requests as "denied" in the error log and audit logs.

Apache can include many many configuration files, so it could be nested pretty deep somewhere.
 
Ok, something else I found that bugged me. it appears that goDaddy VS does not run the psa-firewall properly as per this thread

http://forum.swsoft.com/showthread.php?s=&threadid=30203

I've looked at my boot.log and it said psa-firewall: service is disabled.

I ran iptables --list to find out that I had no rules at all. So I was barenaked on the net. Scary thoughts.

Anyway, with the assistance of Jack D. from http://kicktheweb.com, I have set somes firewall rules that fit my needs. The first thing I do is to check if ip_forward is enabled if so, I disable it.

And it was enable. So I guess, Apache was really configured as a proxy.

Hopefully, these new setiings should bring me peace of mind. I will nevertheless, keep a close look at my logs and adjust everything accordingly.

One thing I tried without success was to add IP's in the /etc/hosts.deny file. It seems that it does not filter anyhting from this file. I guess it has something to do with tcpd not running. The tcpd files are there, but I dont see it anywhere in my chkconfig --list or in my processes.

I will look into it another day.

Another thing I'd like to get runnning is the APF firewall and BFD from rxfnetworks.com. So far everything I tried did not work on my fc2 with plesk 7.5.4 box. It would be easier to have this nifty utility banning ip automatically.

Once again Thanks wagnerch for all your input.
 
I use a custom iptables firewall on the machine, plus I have an upstream firewall with my ISP. So needless to say I do not use psa-firewall.

Packet-level forwarding is a different problem from a proxy server, so the two are not really related.

Apache doesn't honor the /etc/hosts.deny file, this is only honored by tcpd processes (normally running via inetd). In any case it is a poor solution to the problem, a firewall is a much better solution.
 
Back
Top