I’ve been beating my head against a wall for the last week on this and could use some assistance.
My server/IP got listed on dronebl as having an unsecured HTTP proxy, of which I haven’t intentionally enabled, or even changed any configurations that even touch apache to allow for this. I think I’ve included the pertinent information below, please let me know if I can/need to provide anything else.
- OS: CentOS 7.2.1511
- Kernel: Linux 3.14.32-xxxx-grs-ipv6-64 on x86_64
- Virtualmin: 5.04 GPL
- Webmin: 1.810
- Apache: Server version: Apache/2.4.6 (CentOS)
Currently /etc/httpd/httpd.conf has NO directives/entries/configs/options that relate to or have “Proxy” at all, absolutely none.
The ‘default’ vhost that the reverse DNS entry points to has “Website Proxy Settings” set to none (which aligns with no Proxy entries in httpd.conf). Checking with http://ping.eu/proxy shows this as an open proxy, however, if I enable the proxy website and set the url to http://server.local, it no longer reports as an open proxy, HOWEVER, apache fails to serve actual pages with a 503 proxy error returned.
I have checked the running httpd processes and any process that could be running on port 80, the only thing running is httpd, which appears to be the current default (and correct) version of httpd that is installed on the server, loading the appropriate config files.
This is largely a vanilla virtualmin installation with no customizations applied.
I’m not sure if this is just a configuration issue that I’ve managed to mess up to cause these issues or if this server has somehow been compromised, but I’d like to get to the bottom of this. Another server I’m running with Virtualmin, largely identical configurations, is not reporting as an open proxy.
The closest thing I’ve found to my issue is this, but it’s 7 years old and it appears that some of Apache’s configs/mod/options have changed: https://www.virtualmin.com/node/9666
Thanks in advance for any insight you may have!