Hi Tony,
On Jun 18, 2007, at 11:25 PM, Tony Anecito wrote:
> I noticed someone was using CONNECT xxx.xxx.xxx.xxx http command
> against Apache. I was wondering how to disable the CONNECT command
> from executing on Apache. In a couple of entries I noticed a
> connection from Seattle that might be a spammer so I want to
> disable the CONNECT command from running successfully.
I'd advise you to CLOSE THIS IMMEDIATELY. Before long your site will
be on lists of open proxies and you'll be denied traffic. And trust
me, it's a huge pain getting off those lists. Until you fix this
issue, don't advertise your site - there will be plenty of spambots
checking the openness of your proxy.
See the proxy documentation, off the top of my head (check the docs,
I can't access them now but want to leave at least a pointer) there
are at least 3 alternatives:
# 1. If you have a reverse proxy only, you don't need to serve proxy
# requests
ProxyRequests off
or
# 2. If you have a forwarding proxy, then you must serve proxy requests.
# Use a whitelist of the systems that are allowed to do so, and close
# all others. I'm not sure this is the right syntax btw...
<Proxy *>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Proxy>
or
3. Have your proxy listen to some odd port, say 8080, set up as a
virtual server. Allow proxy requests only in that virtual server.
Have your internal LAN users (who use Apache as a forwarding proxy to
get to the outside) connect to that port, but close access to the
port from the outside on the OS level, e.g. on Linux with iptables.
Hope this helps,
Karel
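An added example, not part of the message above and not Apache project code: a small access-log check for the CONNECT entries the question describes, separating proxy attempts the server refused from ones it actually served. It assumes Apache's common/combined log format; the function names and the sample lines are constructed for illustration.

```python
import re

# Apache common/combined log format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def classify(line):
    """Return (host, method, target, verdict) for a proxy-style request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    method, target, status = m["method"], m["target"], int(m["status"])
    if method == "CONNECT":
        # 2xx on CONNECT means the tunnel was set up: the server proxied it.
        verdict = "PROXIED" if 200 <= status < 300 else "refused"
    elif re.match(r"(?i)^[a-z][a-z0-9+.-]*://", target):
        # Absolute-URI request. With ProxyRequests Off, Apache can still answer
        # 200 with its own local content, so a 2xx here needs a manual look.
        verdict = "check" if 200 <= status < 300 else "refused"
    else:
        return None  # ordinary origin-form request, not a proxy attempt
    return (m["host"], method, target, verdict)

def scan(lines):
    """Classify every line and keep only the proxy-style requests."""
    return [r for r in map(classify, lines) if r is not None]

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [18/Jun/2007:23:01:10 -0700] "CONNECT 198.51.100.25:25 HTTP/1.0" 200 - "-" "-"',
    '203.0.113.7 - - [19/Jun/2007:08:14:02 -0700] "CONNECT 198.51.100.25:25 HTTP/1.0" 405 312 "-" "-"',
    '192.0.2.44 - - [19/Jun/2007:08:15:40 -0700] "GET http://example.org/ HTTP/1.1" 200 4521 "-" "-"',
    '192.0.2.44 - - [19/Jun/2007:08:16:01 -0700] "GET /index.html HTTP/1.1" 200 4521 "-" "-"',
]

if __name__ == "__main__":
    for host, method, target, verdict in scan(SAMPLE):
        print(f"{verdict:8} {host:15} {method} {target}")
```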
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.