Proxying with Apache2 on Ubuntu

Filed under: tinkering,ubuntu,webcam — jaydublu @ 4:01 pm

Further to earlier problems with using Apache2 on Ubuntu to proxy web requests to devices inside my local network, I think I’ve now sussed it.

Specifically, I’m trying to get Apache to enable external access to a webcam inside my network, where for some reason I can’t enable access to it directly using my router.

I’m now relatively confident that the appropriate way to do it is to enable mod_proxy and mod_proxy_http with sudo a2enmod proxy_http, this then allows use of ProxyPass directive within a vhost for example:

ProxyPass /webcam

A little knowledge is a dangerous thing

Filed under: tinkering,trundle,ubuntu — jaydublu @ 1:32 pm

I like to think I know a little bit about most things surrounding the Internet, and whilst not claiming to be an expert I like to think I’m at least competent in most things I turn my hand to.

But every now and then I get caught out, and reminded how dangerous it can be to tinker with things you don’t fully understand – there are some people out there with far too much time on their hands.

As part of my Trundle project, I attempted to make a webserver running on the beast’s eventual operating system available to the public Internet – not for public consumption mind, but so I can see it when I’m out and about. Now I didn’t want to put the whole thing on a public IP address, just a little bit of it – and apart from anything else I’ve already got an externally available webserver on my Internet connection.

So my idea was to use mod_rewrite to proxy a set of urls to the internal server’s private IP address. I’m sure it’s something I’ve done before in other Apache instances, and it sounded feasible, but for once Ubuntu fought back a bit. Still, I felt I’d prevailed.

Now it turns out I’d opened up a vulnerability to someone, somewhere, to do something with my network. It was cunningly disguised in that the traffic wasn’t enough to be hugely obvious, but I was playing with awstats and got curious about some odd traffic.

It turns out I’d unintentionally configured my webserver to allow anyone to use it to proxy requests to anywhere else. Short of cloaking the eventual source (or destination?) of the traffic I can’t see what was gained – the requests seem mostly to have been for banners or clickthrus in flash game sites. I wasn’t hosting the files so nothing was gained in terms of bandwidth, and it doesn’t seem like a ddos attack.

Anyway, I’ve disabled the proxying functionality now, and checking the logs although I’m still getting the requests they now get a 403 response. I hope they’ll die out eventually, or will I have to get my fixed IP address changed do you think?