Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
icon4.gif   Update request for Admin Guide, posted by Justin Dieters on Tue Nov 18 23:19:57 2003 
    icon4.gif   Re: Update request for Admin Guide, posted by Stefan Ritt on Thu Nov 20 17:51:53 2003 
Message ID: 452     Entry time: Tue Nov 18 23:19:57 2003     Reply to this: 454
Icon: Warning  Author: Justin Dieters  Author Email: enderak@yahoo.com 
Category: Comment  OS: Linux  ELOG Version: 2.3.9 
Subject: Update request for Admin Guide  
Heya, I've been using elog for a year or so, with a proxy through Apache,
but recently I've ran into some trouble with my Apache config, where
spammers were using my incorrectly configured proxy to send spam.

I have
some requests for the Administrator's Guide: "Running elogd under Apache". 
I'm hoping a few little notes will save others the trouble I've gone
through. Neither of these are any fault of elog's or Apache's, but of my own
ignorance. (I am using elog 2.3.9, and Apache 2.something, if that matters)

1) When doing "ProxyPass ..." when setting up elog under Apache, do NOT put
"ProxyRequests On".  This is not needed, if it is enabled and not set up
correctly, it allows spammers to send spam via Apache's proxy.  More
information on this is here: http://www.apacheweek.com/issues/03-07-25,
about halfway down the page, under "Spammers use open Apache proxies"

Even though it doesn't mention ProxyRequests in the guide, I think there
should be a little side note mentioning that "ProxyRequests On" is NOT
needed, because I put it in, thinking it was - I am probably not the only one.

2) I have found that mod_proxy_http.c must be loaded in addition to
mod_proxy.c and mod_alias.c for the proxy to work, otherwise I get a 403
error.  I think this should be mentioned as well.
ELOG V3.1.5-3fb85fa6