"HTTP CONNECT" requests

WinGate Proxy Server and other Qbik products

Switch to full style
Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Post a reply
breese
  • breese
  • Posts: 59
  • Joined: Feb 26 09 11:57 pm

"HTTP CONNECT" requests

Feb 25 14 2:55 am

I have been running V6 for a very long time.
Over the weekend I was asked to join an IRC
In the process of signing up I received information that my system can / is being used as a Open Proxy.

" "HTTP CONNECT" requests to port 80 at your address are being served, allowing
arbitrary HTTP requests to be made against other servers. "

While I do not understand this, I am running a web server behind Wingate
Is it possible my Bindings are allowing this and how do I verify / change so as to stop this possible attack?

If I telnet to my web server from an outside source
telnet IPAddress 80
or
telnet webservername 80
Wingate shows an http://

I discovered the following site
http://atomintersoft.com/proxy_checker
if I enter my web server info and tell it port 80
it returns with

Proxy Type High anonymity (Elite)
HTTP_CONNECTION:Keep-Alive
HTTP_CONTENT_LENGTH:0
HTTP_ACCEPT:*/*
HTTP_HOST:russianproxy.ru
HTTP_USER_AGENT:User-Agent: VPN service http://russianproxy.ru
HTTP_X_ORIGINAL_URL:/environment/

Also, I have WinGate 6.x Professional 6 concurrent
What is the $$ amount for me to upgrade?
I am just a little household looking to protect myself and family
adrien
  • adrien
  • Posts: 5448
  • Joined: Sep 03 03 2:54 pm
  • Location: Auckland
  • Website

Re: "HTTP CONNECT" requests

Feb 26 14 5:21 pm

Hi

HTTP CONNECT is used to set up a "tunnel" / connection to an end server, where the data is just relayed over the connection after that (rather than then being a bunch of http requests).

So CONNECT can be used for any TCP-based protocol, such as sending mail. It's main purpose is for use by browsers to set up a SSL/TLS connection to web servers for https. But it's able to be abused due to it's generality.

So, if you're running WinGate as a reverse proxy, you definitely want to prevent external users from using it as a forward proxy, else they will use your WinGate as a open proxy to send spam, and will get your IP blacklisted.

With any version of WinGate, we recommend for reverse proxy use to set up a different instance of a WWW proxy for the reverse proxy vs the proxy used by internal clients to surf the net.

Then you use policy to prevent unwanted requests. In WinGate 6 this entails setting a policy so that only non-proxy requests can be made. This can be set in the advanced tab in a policy.

For WinGate 7 / 8 it's quite different.

Regards

Adrien de Croy
breese
  • breese
  • Posts: 59
  • Joined: Feb 26 09 11:57 pm

Re: "HTTP CONNECT" requests

Feb 27 14 12:37 am

I do believe I have the correct reverse proxy setups
I do not understand
In WinGate 6 this entails setting a policy so that only non-proxy requests can be made.

How / what is a non-proxy request and where within the policy do I add it?
I do not understand what it is I need to add to the policy for the service.
Is there an example I can follow?
My connection is getting hammered when they find it
adrien
  • adrien
  • Posts: 5448
  • Joined: Sep 03 03 2:54 pm
  • Location: Auckland
  • Website

Re: "HTTP CONNECT" requests

Feb 27 14 6:47 am

Hi Bob

Got your email and set the policy on your system. Let me know if you have any further issues.

Regards

Adrien
Post a reply
Switch to full style

Powered by phpBB © phpBB Group.

phpBB Mobile / SEO by Artodia.

Board index