Channel: Security

Reverse Proxy Bypass


When running a vulnerability test with the Acunetix tool, we found a point of attention with an alert about: Reverse_Proxy_Bypass

I need help configuring a rule to handle this situation in my application. Below is the report of the test that was run.

- Description The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

- A configuration like one of the following examples:

    RewriteRule (.*)\.(jpg|gif|png) http://images.example.com$1.$2 [P]
    ProxyPassMatch (.*)\.(jpg|gif|png) http://images.example.com$1.$2

  could result in an exposure of internal servers.

A request of the form:

    GET @other.example.com/something.png HTTP/1.1

would get translated to a target of:

    http://images.example.com@other.example.com/something.png

This will cause the proxy to connect to the hostname 'other.example.com', as the 'images.example.com@' segment would be treated as user credentials when parsing the URL.

This would allow a remote attacker the ability to proxy to hosts other than those expected, which could be a security exposure in some circumstances.
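The following is an added example, not part of the original post or of the Acunetix report. It models the two rules from the report in Python, shows why the unanchored pattern lets the "@" in the request target become userinfo in the rewritten URL, and audits a rule against a few constructed request targets to flag any that would be proxied to a host other than the intended backend. The anchored HARDENED_RULE (path must begin with "/", and the target template always places a "/" after the host) is an assumed mitigation to be used together with an Apache build that rejects such request URIs; it is not a rule taken from the page.

```python
import re
from urllib.parse import urlsplit

# Proxy rules as (pattern, target template). The template uses \1 and \2 for the
# captured groups, the way Apache's RewriteRule/ProxyPassMatch use $1 and $2.
# VULNERABLE_RULE is the unanchored rule quoted in the scanner report.
VULNERABLE_RULE = (re.compile(r"(.*)\.(jpg|gif|png)"),
                   r"http://images.example.com\1.\2")
# HARDENED_RULE is an assumed fix: the matched path must start with "/", and the
# rewritten URL always has a "/" right after the host, so an "@" from the request
# can never land in the authority part of the target URL.
HARDENED_RULE = (re.compile(r"^/(.*)\.(jpg|gif|png)$"),
                 r"http://images.example.com/\1.\2")

EXPECTED_HOST = "images.example.com"  # the only backend the rule should ever reach


def rewrite(rule, request_target):
    """Apply a RewriteRule/ProxyPassMatch-style rule to a request target.
    Returns the proxied URL, or None if the rule does not match."""
    pattern, template = rule
    m = pattern.match(request_target)
    return m.expand(template) if m else None


def effective_host(url):
    """Host the proxy would actually connect to. urlsplit treats everything before
    '@' in the authority as userinfo, exactly as the proxy's URL parser does."""
    return urlsplit(url).hostname


def is_safe_target(url, expected_host=EXPECTED_HOST):
    """True only if the rewritten URL carries no userinfo and points at the
    backend we intended."""
    p = urlsplit(url)
    return p.username is None and p.password is None and p.hostname == expected_host


def audit_rule(rule, request_targets):
    """Run a rule over sample request targets and return (target, url, host)
    triples for every request that would be proxied to an unexpected host."""
    findings = []
    for target in request_targets:
        url = rewrite(rule, target)
        if url is not None and not is_safe_target(url):
            findings.append((target, url, effective_host(url)))
    return findings


# Constructed sample request targets: a legitimate image path, the "@" request
# from the report, and an "@" that sits harmlessly inside the path.
SAMPLE_TARGETS = [
    "/photos/cat.png",
    "@other.example.com/something.png",
    "/@other.example.com/something.png",
]

if __name__ == "__main__":
    for name, rule in (("vulnerable", VULNERABLE_RULE), ("hardened", HARDENED_RULE)):
        print(name, audit_rule(rule, SAMPLE_TARGETS))
```

Running the block reports one finding for the vulnerable rule (the "@other.example.com/something.png" request, which resolves to host other.example.com) and none for the hardened rule. In Apache terms the hardened rule corresponds to anchoring the pattern and keeping the slash in the target, for example RewriteRule ^/(.*)\.(jpg|gif|png)$ http://images.example.com/$1.$2 [P] and ProxyPassMatch ^/(.*)\.(jpg|gif|png)$ http://images.example.com/$1.$2 (an assumed configuration, not one from the report); the audit function is a quick way to check your own rewrite patterns against request shapes like these before deploying them.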
