AnsweredAssumed Answered


Question asked by Joey Jimenez on Jan 30, 2012
Latest reply on Feb 1, 2012 by Joey Jimenez

I am new to the UNIX Sys Admin arena.


I currently had my vulnerability scan, and turned up an Apache HTTP Reverse Proxy / Rewrite Rule vulnerability. ( at least I'm assuming thatis what the issue is, and the solution is to install package CVE-2011-4317 ) But,  I am not able to find this package.


So, I've been doing some research, and have found some discussions referencing the disabling of reverse proxy and / or rewrite rule.


I have verified that my ' httpd.conf ' file has the correct configuration: 


RewriteRule ^(.*) http://IP_address/$1  <----- the insertion of the ' / '

ProxyPassMatch ^(.*) http://IP_address/$1  <---- the insertion of the ' / '


However, my ' httpd.conf ' file has neither of these two lines. It does reference several RewriteRule lines that look like the following:


RewriteRule ^.*$ - [G,L}


I'm sure I missed something, probably the correct ' .conf ' file, but not sure where that would be located.


Could someone give me guidance or direction as tohow to resolve this issue? I will be greatful for any assistance from the community.



Thank you!!



- Joey