Prevent fraudulent use of your proxy web server 

We offer some HTTP services from our company HSZ (High security zone) trough an Apache proxy server situated in the DMZ (Demilitarized Zone). The Apache forwards external requests through the company's firewall to the internal Apache web server. This path is marked with "A = OK" in the following figure.

Last week, we suddenly recovered some very strange URL's in the logfile of the proxy Apache Server like the following: "GET "GET "GET "GET

This URL's cannot be located on our internal Apache webserver - what's happen ?
Our Apache proxy server was misused by some poor people to download sex articles from other locations in the internet. Why is this possible ?

If you configure your Apache proxy server with ProxyRequests On, then the access path marked with "B = not allowed" will be possible. However setting ProxyRequests to ' Off ' does not disable use of the ProxyPass directive, which is necessary for the access path "A = OK". Due to this, we changed our Apache configuration file in the following way:

# Prevent fraudulent use of proxy server

<IfModule mod_proxy.c>
  ProxyRequests Off

# VirtualHost configured to access internal service

  ServerAdmin martin dot zahn at akadia dot ch
  DocumentRoot "/opt/www"
  ServerName mail2.mydomain.tld
  <IfModule mod_proxy.c>
    ProxyPass /
    ProxyPassReverse /


How to check both access path's ?

Open Netscape Navigator an enter the IP-Address and Port Number 8612 in the Proxy Configuration (Edit -> Preferences -> Advanced -> Proxies -> Manual Proxy Config).

Now, try to connect from Netscape to e.g., this should no more possible which means that access path "B = not allowed" is forbidden - that's what we want.