Apache accepting requests to other servers?

apache-2.2

I'm having problems with apache server (CentOS VPS at Amazon). When apache starts, it starts to receive hundreds of requests, this is an example of the log:

173.208.216.165 - - [25/Jan/2015:18:23:11 +0000] "GET http://go.padstm.com/resources/img/iebt.png HTTP/1.0" 200 36023 "http://go.padstm.com/?id=173374&t=iframe&var=33110" "Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)"

The path /resources/img/iebt.png is in my server, but not go.padstm.com. The strangest thing is that apache is accepting all the requests. Other example: in this case, the entire resource is NOT in my server, but apache returns 200:

198.204.239.250 - - [25/Jan/2015:19:04:39 +0000] "GET http://fstads.com/show.php?z=26&pl=494&j=1&code=1422237874120 HTTP/1.0" 200 10819 "http://financezhen.com/?p=186#respond" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.2a1pre) Gecko/20110324 Firefox/4.2a1pre"

I don't know why these requests goes to my server, or why it returns 200...

Also, when apache starts and module prefork is enabled, it launches multiple httpd processes. If worker module is enabled, it launches multiple threads. Ok, but in both cases apache ends up consuming all the CPU and memory of the server, and there is not traffic directed to my server.

More info: ProxyRequests is Off. Also: I'm using ip-based vhosts:

NameVirtualHost xxx.xxx.xxx.xxx:80

<VirtualHost xxx.xxx.xxx.xxx:80>
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    DocumentRoot /var/www/html/w3prod
    ServerAdmin admin@localhost
    UseCanonicalName Off
    CustomLog /var/log/httpd/w3prod.mydomain.com combined
    ErrorLog /var/log/httpd/w3prod_error.mydomain.com
</VirtualHost>
<VirtualHost xxx.xxx.xxx.xxx:80>
    ServerName picfarm.mydomain.com
    ServerAlias www.picfarm.mydomain.com
    DocumentRoot /var/www/html/picfarm
    ServerAdmin admin@localhost
    UseCanonicalName Off
    CustomLog /var/log/httpd/picfarm.mydomain.com combined
    ErrorLog /var/log/httpd/picfarm_error.mydomain.com
</VirtualHost>
<VirtualHost xxx.xxx.xxx.xxx:80>
    ServerName test.mydomain.com
    ServerAlias www.test.mydomain.com
    DocumentRoot /var/www/html/engine-test
    ServerAdmin admin@localhost
    UseCanonicalName Off
    CustomLog /var/log/httpd/test.mydomain.com combined
    ErrorLog  /var/log/httpd/test_error.mydomain.com
    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy *>
            Order deny,allow
            Allow from all
    </Proxy>
    ProxyPass /bosh http://xxx.xxx.xxx.xxx:7070/http-bind/
    ProxyPassReverse /bosh http://xxx.xxx.xxx.xxx:7070/http-bind/
    ProxyPass / http://xxx.xxx.xxx.xxx:8080/
    ProxyPassReverse / http://xxx.xxx.xxx.xxx:8080/
</VirtualHost>

Any help would be appreciated. Thanks!


Solution 1:

The problem here is that somebody has set up a DNS record of their own domain, and pointed it to your IP instead of their own server's IP. There is no possible way to stop somebody from doing this.

What you can do to solve the basis of the problem is:

  • You can contact the owners of the domain padstm.com and tell them about the error. If it actually is a mistake, they'll probably fix it. But if it's a spammer, they will happily go on abusing you...

  • You can request an new IP address from your hosting company. You'll need to change your own DNS records to point to the new IP, and give them time to fade from caches, before you switch off the old IP.

You can also make Apache not serve any content that contains a request for a hostname that doesn't belong to you. The way it works is, if you send a request to Apache with a hostname that is listed in one of the VirtualHosts, that VirtualHost will be used. But if the hostname isn't listed anywhere, then the first VirtualHost will be used by default. (I wrote a longer description of how this works in this answer, if you're interested.) So what you do is simply to set up a default VirtualHost that doesn't serve content. Here's a sample configuration

<VirtualHost xxx.xxx.xxx.xxx:80>
    ServerName default
    RewriteEngine On
    RewriteRule .* - [G]
</VirtualHost>

This means that every URL requested will be rewritten to return 410 Gone for any request to any hostname that is not listed as a ServerName or ServerAlias in one of the other VirtualHosts in your config. This return code means that the resource does not exist and never will exist again and the client should stop attempting to access it.

If you're interested in seeing what gets thrown at your server, set up suitable CustomLog and ErrorLog directives to keep track of it. If not, send the logs to the bitbucket by adding the following lines:

CustomLog /dev/null common
ErrorLog  /dev/null

to the VirtualHost config

Related

Agreement after disjunctive compound subject_"My brother or one of my sisters" — singular or plural?
Why do we say "It's time we ate" and not "It's time we eat"?
"pros and cons", "black and white", "ups and downs". Always in a fixed sequence, is there a word or phrase for these?
When is "L" doubled?
Why do we say "was supposed to" for "should have"?
What's the negation of "I used to be"? Surely not "I didn't used to be"?
What are some examples of awkward sounding but grammatically correct sentences?
As quick as we can?
Tense change: previous actions on something that's currently true
In which cases is a comma/period placed inside or outside of parentheses?
Controversy over verb choice in "neither you nor I {is/am/are} in control"
"There are so many" vs. "There is so many"