Protect against bot script that returns open proxies within your local network

Hi everyone,

Has any of you seen an entry like this in your Apache access logs?

AAA.BBB.CCC.DDD - - [20/Apr/2015:10:44:19 -0300] "GET http://testp4.pospr.waw.pl/testproxy.php HTTP/1.1" 404 376 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"

That .php file prints to your screen the IP address of open proxies in your network according to what I’ve read.

If so, what have you done to protect your web server against such bots? Any ideas will be more than welcome.

Haven’t met the file in question, but I am sure you can block it with mod_security. You can define custom page for mod_security. That way you can prevent loading of such files and notify the visitor that he is doing something wrong.

If you are not sure about the rule that you should use, please let me know and I will write one for you. Will be more than glad to help on that matter.