This discussion is archived
1 Reply Latest reply: Aug 8, 2013 8:13 PM by mwadmin RSS

Oracle HTTP server open proxy server with OTM configuration

mwadmin Newbie
Currently Being Moderated

Hi All,

 

We started seeing issue with odd requests coming into our access logs that have crippled out OTM (Oracle Transportation Management) 6.3 application. We are using Oracle HTTP server 11.1.1.7.

 

Here is what some of the access logs look like.

 

192.184.55.36 - - [04/Aug/2013:20:40:35 -0400] "GET http://an.z5x.net/ttj?id=1602786&size=300x250 HTTP/1.0" 404 186 "http://www.yoyohealth.com/category/posts/course-posts/dessert-course-posts/index.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; Alexa Toolbar)"

192.184.53.114 - - [04/Aug/2013:20:40:35 -0400] "GET http://ib.adnxs.com/ttj?id=1427673&size=728x90&cb=${CACHEBUSTER}&referrer=${REFERER_URL} HTTP/1.0" 404 186 "http://www.bzfb.com/online-games/263/Harry-Potter-Games.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Alexa Toolbar)"

192.74.231.27 - - [04/Aug/2013:20:40:35 -0400] "GET http://ib.adnxs.com/ttj?id=1309959&size=728x90&referrer=[REFERRER_URL] HTTP/1.0" 404 186 "http://www.evaver.com/introduce-your-kids-to-storytelling-tools/index.html" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 95; Alexa Toolbar)"

121.101.211.187 - - [04/Aug/2013:20:40:35 -0400] "GET http://www.baidu.com/ HTTP/1.1" 200 342 "http://www.baidu.com/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"

198.204.228.181 - - [04/Aug/2013:20:40:35 -0400] "GET http://ads1.ministerial5.com/creative/2-002134588-00001j;size=1 HTTP/1.0" 404 217 "http://appheal.com/?p=658" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b9pre) Gecko/20101228 Firefox/4.0b9pre"

216.144.254.107 - - [04/Aug/2013:20:40:35 -0400] "GET http://ib.adnxs.com/tt?id=1567208 HTTP/1.0" 404 185 "http://keepfit-tips.com/2012/07/page/12" "Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.41 Safari/534.7 ChromePlus/1.5.0.0alpha1"

 

Looking around it appears that somehow our configuration for OTM has opened up a proxy for anyone to use. In the otm.conf they have enabled ProxyRequests On which I heard causes this and is generally bad to enable. I have changed it to off but it still has not helped. Is there something else I need to do to disable these requests? Any help would be appreciated.

 

Nick

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points