On Fri, May 20, 2016 at 7:09 PM, Kurtis Rader <kra...@skepticism.us> wrote:
> On Fri, May 20, 2016 at 4:00 PM, Roman Gelfand <rgelfa...@gmail.com> > wrote: > >> Also, what does this mean? >> > >> ::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-" >> "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy >> connection)" >> > > It's checking whether your web server allows the OPTIONS command which > might allow other forms of attacks to succeed. I strongly recommend > disallowing that HTTP command. Easiest way is via mod_allowmethods: > https://httpd.apache.org/docs/2.4/mod/mod_allowmethods.html > This is actually an internal Apache connection. See https://wiki.apache.org/httpd/InternalDummyConnection for more information. - Y
