Open Proxy on IWWebD

Hello all,
I just wanted to alert folks to a potential serious problem that can arise from a basic default installation of TeamSite. By default, Apache is configured to be an open proxy, that, if your server is accessible from www-land, can be used by potentially anyone.

This is easily fixable by adding the following to your iw.cfg file:

|iwproxy_fullproxy_redirect|
_regex=^http=

If you put a site after the equal sign, all non-teamsite traffic will be redirected there. I preferred that Apache just drop packets instead to reduce interaction as much as possible.

This is a very important oversight of Interwoven that Apache isn't configured by default to NOT be open. I did a very quick search last night online for open proxies with teamsite in the domain and found a number of them... Some may be on purpose, but probably not.

I would advise everyone to take a good look at how they use TeamSite and to check whether they are allowing Apache (IWWedD) to be an open proxy. My guess is that if this is intentional on your implementation, you probably already know about it.

If you're not familiar with what I am referring to, just to a Google search for Open Proxy, or Free Proxy List... You'll see what I mean pretty quickly.

Thanks and good luck!

Find more posts tagged with

Comments

Migrateduser

As of a recent service pack, we have changed the default configuration to disable open proxy access.

The feature that used this proxying is that of setting the browser's ("forward") proxy server to be iwwebd, and redirecting requests for "http://external-site.com" to a development machine. This allows sites which include multiple domains to be developed inside TeamSite.