httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bohumil Holubec <bo...@mstu.cz>
Subject RE: [users@httpd] limit CONNECT
Date Wed, 22 Jun 2005 08:19:16 GMT
Im not sure how to use this. Now I have in apache2.conf:
<IfModule mod_rewrite.c>
     RewriteEngine on
     RewriteLog /var/log/apache2/rewrite.log
     RewriteCond %{REQUEST_METHOD} =CONNECT
     RewriteRule .* - [F]
</IfModule>

server-info writes:
Module Name: mod_rewrite.c
Content handlers: yes
Configuration Phase Participation: Create Directory Config, Merge 
Directory Configs, Create Server Config, Merge Server Configs
Request Phase Participation: Translate Path, Check Type, Fixups
Module Directives:
 	RewriteEngine - On or Off to enable or disable (default) the whole
 	rewriting engine
 	RewriteOptions - List of option strings to set
 	RewriteBase - the base URL of the per-directory context
 	RewriteCond - an input string and a to be applied regexp-pattern
 	RewriteRule - an URL-applied regexp-pattern and a substitution URL
 	RewriteMap - a mapname and a filename
 	RewriteLock - the filename of a lockfile used for inter-process
 	synchronization
 	RewriteLog - the filename of the rewriting logfile
 	RewriteLogLevel - the level of the rewriting logfile verbosity (0=none, 1=std, .., 9=max)
Current Configuration:
 	RewriteEngine on
 	RewriteLog /var/log/apache2/rewrite.log
 	RewriteCond %{REQUEST_METHOD} =CONNECT
 	RewriteRule .* - [F]

but when i try it with telnet, CONNECT still works and rewrite.log is 
empty.



On Wed, 22 Jun 2005, Axel-St├ęphane  SMORGRAV wrote:

> Maybe you could try:
>
> RewriteCond %{REQUEST_METHOD} =CONNECT
> RewriteRule .* - [F]
>
> You would need mod_rewrite for this.
>
> -ascs
>
> -----Original Message-----
> From: Bohumil Holubec [mailto:bozek@mstu.cz]
> Sent: Tuesday, June 21, 2005 5:53 PM
> To: users@httpd.apache.org; Joshua Slive
> Subject: Re: [users@httpd] limit CONNECT
>
> Thank you but in <directory> directive it doesnt work and i need that because some
providers when i register new web e-mail they testing this connect...
>
> On Tue, 21 Jun 2005, Joshua Slive wrote:
>
>> On 6/21/05, Bohumil Holubec <bozek@mstu.cz> wrote:
>>> I allready tried it but with no effects.
>>> In apache2.conf i have:
>>> #LoadModule proxy_module                  modules/mod_proxy.so
>>> #LoadModule proxy_connect_module          modules/mod_proxy_connect.so
>>> #LoadModule proxy_ftp_module              modules/mod_proxy_ftp.so
>>> #LoadModule proxy_http_module            modules/mod_proxy_http.so
>>>
>>> and response on telnet is still HTTP/1.1 200
>>
>> I agree that the fact the <Limit FOO> ...</Limit> winds up unsetting
>> the restrictions on other methods is somewhat unfortunate.  But that
>> ain't gonna be fixed any time soon.
>>
>> Here are some alternatives:
>> - Put your <Limit> inside a <Directory> section, rather than a
>> <Location> section.  This will ensure that it is processed before the
>> <Files> section.  You'll just need to be careful about it getting
>> overriden.
>> - Tell you PHP scripts to deny the CONNECT method.  Apache won't serve
>> them itself.  It is only because PHP gobbles up all methods that this
>> is an issue.
>> - Just ignore it.  The CONNECT method is probably being treated just
>> like a GET by your php scripts.  Hence it isn't doing any harm and can
>> be safely ignored.
>>
>> Joshua.
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message