The word proxy, as defined by Merriam-Webster, means a person authorized to act for another. The meaning carries over to the Web almost unchanged. Wikipedia defines a proxy server as a “server that acts as an intermediary for requests from clients seeking resources from other servers.”
Problems arise when the proxy server acts as an intermediary to servers that it cannot trust.
The city’s central computer told you? R2-D2, you know better than to trust a strange computer.
- Star Wars Episode V: The Empire Strikes Back
Don’t repeat something that you wouldn’t say yourself. Although this is a corollary to the golden rule we all learned in kindergarten, it also applies to proxies. You probably don’t care about evil content being spewed by random servers on the internet, but you should care when it comes from your servers.
- XSS: The Cross Site Scripting Cheat Sheet is a good place to start learning about sanitizing untrusted data.
- Malicious File Execution: If your proxy is serving files (music, images, video), you’ll need to take particular care when your proxy handles/streams arbitrary data.
- MIME mishandling: If your proxy is serving images, you need to make sure the response really is an image. OWASP has a good write-up on browsers mishandling MIME types, which opens yet another XSS attack vector.
- Authenticate: When a WWW-Authenticate header is presented to the browser, it prompts the user for a user name and password and sends them back to the requester. This is a phishing attack vector: your proxy on http://example.com isn’t asking for a user name/password, but the proxied content is. So strip this header if possible.
Whitelist a handful of ports that are absolutely needed, and deny all other ports. This is important because malicious users can use your proxy in ways you never fathomed. For example, if you have port 25 open, spammers can start relaying thousands of emails about viagra through your proxy. Malicious users could also start hitting random IP addresses listening on port 11211 and peeking into your memcached servers.
Make sure you impose an upper-limit on the amount of data you’re reading from the origin server. If the origin server isn’t under your control, the data being proxied could very well be a high-definition version of Avatar.
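The checks above (a port allowlist, sniffing that an image really is an image, stripping WWW-Authenticate, and a hard cap on bytes read from the origin) combined into one policy layer for a hand-written image proxy. This is an added example, not code from the original post; the allowed ports, the 5 MiB cap and the magic-byte table are assumptions chosen for illustration.

```python
import urllib.parse
# Constructed policy values for this example (not from the original post).
ALLOWED_PORTS = {80, 443}
MAX_BODY_BYTES = 5 * 1024 * 1024  # cap on proxied bodies
STRIPPED_HEADERS = {"www-authenticate", "proxy-authenticate"}
IMAGE_MAGIC = {b"\xff\xd8\xff": "image/jpeg", b"\x89PNG\r\n\x1a\n": "image/png",
               b"GIF87a": "image/gif", b"GIF89a": "image/gif"}

class ProxyPolicyError(Exception):
    pass

def check_target(url):
    """Allow only http(s) to an allowlisted port; returns (host, port)."""
    u = urllib.parse.urlsplit(url)
    if u.scheme not in ("http", "https") or not u.hostname:
        raise ProxyPolicyError("scheme/host not allowed: %r" % url)
    port = u.port or (443 if u.scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        raise ProxyPolicyError("port %d not in allowlist" % port)
    return u.hostname, port

def read_capped(stream, limit=MAX_BODY_BYTES):
    """Read at most `limit` bytes; abort rather than buffer an unbounded body."""
    data = stream.read(limit + 1)
    if len(data) > limit:
        raise ProxyPolicyError("upstream body exceeds %d bytes" % limit)
    return data

def sniff_image(body):
    """Return the image MIME type from magic bytes, or None if not an image."""
    for magic, mime in IMAGE_MAGIC.items():
        if body.startswith(magic):
            return mime
    return None

def filter_headers(headers):
    """Drop headers that make the browser show a credential prompt for our origin."""
    return {k: v for k, v in headers.items() if k.lower() not in STRIPPED_HEADERS}

def proxy_image(url, upstream_headers, upstream_stream):
    """Run every check on one proxied image response; returns (headers, body)."""
    check_target(url)
    body = read_capped(upstream_stream)
    mime = sniff_image(body)
    if mime is None:
        raise ProxyPolicyError("upstream body is not an image")
    headers = filter_headers(upstream_headers)
    headers["Content-Type"] = mime  # trust the bytes, not the upstream header
    headers["X-Content-Type-Options"] = "nosniff"
    return headers, body
```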
You can set an object size limit in Apache Traffic Server by updating the following variable in the records.config file.