thx to Eric Covener (the sole replier on my mail), he pointed me in the right direction :
Without any 'proxy' modules loaded, I needed to configure a 'honeypot' virtualhost to catch any request that doesn't contain one of my hostnames (like "www.mydomain.be"),[1] and deny access to them all. By placing this extra virtualhost as the first in the config, it becomes the "default" one. These are the config lines I added : <VirtualHost *:80> ServerName default.only <Location "/"> order allow,deny Deny from all </Location> </VirtualHost> works like a charm. Testing is done with a TELNET to my web server's internal IP address, port 80, and entering the following: GET http://www.yahoo.com/ HTTP/1.1 Host: www.yahoo.com (followed by double newlines) cheers Rob Citeren Rob De Langhe <rob.de.lan...@twistfare.be>: > hi, > > despite me disabling the "proxy*" modules from my Apache, I see still > occasionally some succesfull hack attempts via my server (code 200) : > > 125.46.73.7 - - [30/Jun/2011:11:54:09 +0200] "GET http://www.baidu.com/ > HTTP/1.1" 200 240 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)" > > The loaded modules in my Apache are : > > # /usr/apache2/bin/httpd -M | sort > actions_module (shared) > alias_module (shared) > auth_basic_module (shared) > authn_dbm_module (shared) > authn_default_module (shared) > authn_file_module (shared) > authz_dbm_module (shared) > authz_default_module (shared) > authz_groupfile_module (shared) > authz_host_module (shared) > authz_user_module (shared) > autoindex_module (shared) > cgi_module (shared) > core_module (static) > dbd_module (shared) > dir_module (shared) > dumpio_module (shared) > env_module (shared) > expires_module (shared) > headers_module (shared) > http_module (static) > include_module (shared) > log_config_module (shared) > logio_module (shared) > mime_module (shared) > mpm_prefork_module (static) > negotiation_module (shared) > php5_module (shared) > setenvif_module (shared) > so_module (static) > ssl_module (shared) > vhost_alias_module (shared) > > Can anyone please shed some light on this mystery ? > > thx a lot in advance > Rob > > > ---------------------------------------------------------------- > This message was sent using IMP, the Internet Messaging Program. Links: ------ [1] http://www.mydomain.be ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.