Apache accepting requests to other servers?
I'm having problems with apache server (CentOS VPS at Amazon). When apache starts, it starts to receive hundreds of requests, this is an example of the log:
173.208.216.165 - - [25/Jan/2015:18:23:11 +0000] "GET http://go.padstm.com/resources/img/iebt.png HTTP/1.0" 200 36023 "http://go.padstm.com/?id=173374&t=iframe&var=33110" "Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)"
The path /resources/img/iebt.png is in my server, but not go.padstm.com. The strangest thing is that apache is accepting all the requests. Other example: in this case, the entire resource is NOT in my server, but apache returns 200:
198.204.239.250 - - [25/Jan/2015:19:04:39 +0000] "GET http://fstads.com/show.php?z=26&pl=494&j=1&code=1422237874120 HTTP/1.0" 200 10819 "http://financezhen.com/?p=186#respond" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.2a1pre) Gecko/20110324 Firefox/4.2a1pre"
I don't know why these requests goes to my server, or why it returns 200...
Also, when apache starts and module prefork is enabled, it launches multiple httpd processes. If worker module is enabled, it launches multiple threads. Ok, but in both cases apache ends up consuming all the CPU and memory of the server, and there is not traffic directed to my server.
More info: ProxyRequests is Off. Also: I'm using ip-based vhosts:
NameVirtualHost xxx.xxx.xxx.xxx:80
<VirtualHost xxx.xxx.xxx.xxx:80>
ServerName mydomain.com
ServerAlias www.mydomain.com
DocumentRoot /var/www/html/w3prod
ServerAdmin admin@localhost
UseCanonicalName Off
CustomLog /var/log/httpd/w3prod.mydomain.com combined
ErrorLog /var/log/httpd/w3prod_error.mydomain.com
</VirtualHost>
<VirtualHost xxx.xxx.xxx.xxx:80>
ServerName picfarm.mydomain.com
ServerAlias www.picfarm.mydomain.com
DocumentRoot /var/www/html/picfarm
ServerAdmin admin@localhost
UseCanonicalName Off
CustomLog /var/log/httpd/picfarm.mydomain.com combined
ErrorLog /var/log/httpd/picfarm_error.mydomain.com
</VirtualHost>
<VirtualHost xxx.xxx.xxx.xxx:80>
ServerName test.mydomain.com
ServerAlias www.test.mydomain.com
DocumentRoot /var/www/html/engine-test
ServerAdmin admin@localhost
UseCanonicalName Off
CustomLog /var/log/httpd/test.mydomain.com combined
ErrorLog /var/log/httpd/test_error.mydomain.com
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /bosh http://xxx.xxx.xxx.xxx:7070/http-bind/
ProxyPassReverse /bosh http://xxx.xxx.xxx.xxx:7070/http-bind/
ProxyPass / http://xxx.xxx.xxx.xxx:8080/
ProxyPassReverse / http://xxx.xxx.xxx.xxx:8080/
</VirtualHost>
Any help would be appreciated. Thanks!
Solution 1:
The problem here is that somebody has set up a DNS record of their own domain, and pointed it to your IP instead of their own server's IP. There is no possible way to stop somebody from doing this.
What you can do to solve the basis of the problem is:
-
You can contact the owners of the domain padstm.com and tell them about the error. If it actually is a mistake, they'll probably fix it. But if it's a spammer, they will happily go on abusing you...
-
You can request an new IP address from your hosting company. You'll need to change your own DNS records to point to the new IP, and give them time to fade from caches, before you switch off the old IP.
You can also make Apache not serve any content that contains a request for a hostname that doesn't belong to you. The way it works is, if you send a request to Apache with a hostname that is listed in one of the VirtualHosts, that VirtualHost will be used. But if the hostname isn't listed anywhere, then the first VirtualHost will be used by default. (I wrote a longer description of how this works in this answer, if you're interested.) So what you do is simply to set up a default VirtualHost that doesn't serve content. Here's a sample configuration
<VirtualHost xxx.xxx.xxx.xxx:80>
ServerName default
RewriteEngine On
RewriteRule .* - [G]
</VirtualHost>
This means that every URL requested will be rewritten to return 410 Gone
for any request to any hostname that is not listed as a ServerName
or ServerAlias
in one of the other VirtualHosts in your config. This return code means that the resource does not exist and never will exist again and the client should stop attempting to access it.
If you're interested in seeing what gets thrown at your server, set up suitable CustomLog
and ErrorLog
directives to keep track of it. If not, send the logs to the bitbucket by adding the following lines:
CustomLog /dev/null common
ErrorLog /dev/null
to the VirtualHost config