httpd-users mailing list archives

From "KAN NAN" <kannan_...@hotmail.com>
Subject Re: [users@httpd] Re: what happen in access_log
Date Thu, 02 Oct 2003 08:14:26 GMT
<html><div style='background-color:'><DIV>
<P><BR>Sorry, please read this:<BR></P>
<DIV>
<DIV></DIV>
<P>Hi,<BR>CONNECT commands are issued using telnet. So, your server is used as
a proxy for connecting to other sites. Usually they do this to check emails or hack any mail server
or for any kind of malicious attempt, so that they can hide their IP address from visibility.<BR><BR>For
now I could think of two solutions:<BR>1) Decide whether you really need the proxy server
feature; if not, switch it off.<BR>2) Block the CONNECT command from your httpd.conf,
like this:</P></DIV>
<P>&lt;location /&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&lt;limit CONNECT&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Order Allow,Deny<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Deny from all<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&lt;/limit&gt;<BR>
&lt;/location&gt;
</P>
<P>thanks,<BR>-kannan</P></DIV>
&gt;From: Luqman &lt;luqe@unhas.ac.id&gt;<BR>
&gt;Reply-To: Luqman &lt;luqe@unhas.ac.id&gt;<BR>
&gt;To: users@httpd.apache.org<BR>
&gt;Subject: [users@httpd] Re: what happen in access_log<BR>
&gt;Date: Thu, 2 Oct 2003 15:13:42 +0800<BR>
&gt;<BR>
&gt;this is a reply to an email from last week or 2 weeks ago<BR>
&gt;it's about my /var/log/apache/access_log<BR>
&gt;<BR>
&gt;i have read the doc about proxy<BR>
&gt;and disabling proxyrequest<BR>
&gt;<BR>
&gt;this is my config:<BR>
&gt;-----------------------------<BR>
&gt; ProxyRequests Off<BR>
&gt;<BR>
&gt; &lt;Directory proxy:*&gt;<BR>
&gt; Order deny,allow<BR>
&gt; Deny from all<BR>
&gt; Allow from unhas.ac.id<BR>
&gt; &lt;/Directory&gt;<BR>
&gt;<BR>
&gt;but i still get this on access_log:<BR>
&gt;------------------------------<BR>
&gt;62.65.218.200 - - [02/Oct/2003:14:43:44 +0800] "CONNECT login.icq.com:443 HTTP/1.0" 200 16163<BR>
&gt;62.65.218.200 - - [02/Oct/2003:14:43:55 +0800] "CONNECT login.icq.com:443 HTTP/1.0" 200 16163<BR>
&gt;202.102.142.48 - - [02/Oct/2003:14:44:07 +0800] "GET http://www.sina.com.cn/ HTTP/1.1" 200 16273<BR>
&gt;66.171.94.240 - - [02/Oct/2003:14:45:36 +0800] "GET http://edit.europe.yahoo.com/?.redir_from=REGISTRATION?.&amp;login=&amp;.chkP=Y&amp;.done=http://jpager.yahoo.com/jpager/pager2.shtml&amp;login=sa.do&amp;passwd=420 HTTP/1.0" 200 13555<BR>
&gt;200.193.85.115 - - [02/Oct/2003:14:46:49 +0800] "CONNECT 204.127.134.23:25 HTTP/1.0" 200 16171<BR>
&gt;38.117.18.135 - - [02/Oct/2003:14:47:06 +0800] "CONNECT 149.174.40.3:25 HTTP/1.0" 200 16147<BR>
&gt;200.193.85.115 - - [02/Oct/2003:14:47:36 +0800] "CONNECT 143.166.224.193:25 HTTP/1.0" 200 16179<BR>
&gt;<BR>
&gt;i don't know if this is a normal situation or not.<BR>
&gt;but, please tell me what to do...<BR>
&gt;<BR>
&gt;-- <BR>
&gt;Best regards,<BR>
&gt; Luqman &gt;&gt; luqe@unhas.ac.id<BR>
&gt;http://www.unhas.ac.id/luqe<BR>
&gt;<BR>
&gt;Tuesday, September 23, 2003, 5:58:16 PM, you wrote:<BR>
&gt;DMea&gt; IMHO you use mod_proxy and ProxyRequests is on and your webserver<BR>
&gt;DMea&gt; is used as public proxy.<BR>
&gt;<BR>
&gt;DMea&gt; Look into the doc:<BR>
&gt;DMea&gt; http://httpd.apache.org/docs/mod/mod_proxy.html#proxyrequests<BR>
&gt;DMea&gt; http://httpd.apache.org/docs/mod/mod_proxy.html#access<BR>
&gt;<BR>
&gt;DMea&gt; regards Dietmar<BR>
</div></html>
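The check Luqman is doing by eye on the quoted access_log, as an added example that is not part of the original message: it flags proxy-style request lines (the CONNECT method, or a GET with an absolute URI) and counts them per client and destination port. The function names and the last sample line are assumptions made for the illustration.

```python
import re
from collections import Counter

# Lines 1-5 come from the quoted access_log excerpt; line 6 is constructed
# (documentation address 192.0.2.10) to show an ordinary local request.
SAMPLE_LOG = """\
62.65.218.200 - - [02/Oct/2003:14:43:44 +0800] "CONNECT login.icq.com:443 HTTP/1.0" 200 16163
202.102.142.48 - - [02/Oct/2003:14:44:07 +0800] "GET http://www.sina.com.cn/ HTTP/1.1" 200 16273
200.193.85.115 - - [02/Oct/2003:14:46:49 +0800] "CONNECT 204.127.134.23:25 HTTP/1.0" 200 16171
38.117.18.135 - - [02/Oct/2003:14:47:06 +0800] "CONNECT 149.174.40.3:25 HTTP/1.0" 200 16147
200.193.85.115 - - [02/Oct/2003:14:47:36 +0800] "CONNECT 143.166.224.193:25 HTTP/1.0" 200 16179
192.0.2.10 - - [02/Oct/2003:14:48:00 +0800] "GET /index.html HTTP/1.0" 200 16163
"""

# Common Log Format: client ident user [time] "method target proto" status bytes
CLF = re.compile(r'(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                 r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')
SCHEME = re.compile(r'(?i)(https?|ftp)://([^/:?#]+)(?::(\d+))?')
DEFAULT_PORT = {"http": 80, "https": 443, "ftp": 21}

def classify(method, target):
    """Return (kind, host, port) for a proxy-style request line, else None."""
    if method.upper() == "CONNECT":            # tunnel request: target is host:port
        host, _, port = target.rpartition(":")
        return ("connect", host or target, int(port) if host and port.isdigit() else None)
    m = SCHEME.match(target)                   # absolute-URI form, e.g. GET http://host/
    if m:
        return ("absolute-uri", m.group(2), int(m.group(3) or DEFAULT_PORT[m.group(1).lower()]))
    return None                                # origin-form (/path): normal local request

def scan(lines):  # -> (hits, number of non-empty lines that did not parse)
    hits, unparsed = [], 0
    for line in lines:
        m = CLF.match(line)
        if not m:
            unparsed += bool(line.strip())
            continue
        kind = classify(m["method"], m["target"])
        if kind:
            hits.append({"client": m["client"], "kind": kind[0], "host": kind[1],
                         "port": kind[2], "status": int(m["status"]), "size": m["size"]})
    return hits, unparsed

def summarize(hits):  # -> (hits per client, hits per destination port, hits answered 2xx)
    return (Counter(h["client"] for h in hits), Counter(h["port"] for h in hits),
            sum(200 <= h["status"] < 300 for h in hits))

if __name__ == "__main__":
    hits, bad = scan(SAMPLE_LOG.splitlines())
    print(summarize(hits), "unparsed:", bad)
```

After a change to httpd.conf, the same scan over new log entries shows whether such requests are still being answered with a 2xx status.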