httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bohumil Holubec <bo...@mstu.cz>
Subject RE: [users@httpd] limit CONNECT
Date Wed, 22 Jun 2005 16:47:40 GMT
Maybe the problem is this:
from apache2 doc: "Note that, by default, rewrite configurations are not 
inherited. This means that you need to have a RewriteEngine on directive 
for each virtual host in which you wish to use it."
but i have hundreds of virtual hosts on my server. So how can i use 
mod_rewrite code as common settings?

On Wed, 22 Jun 2005, Bohumil Holubec wrote:

> Im not sure how to use this. Now I have in apache2.conf:
> <IfModule mod_rewrite.c>
>     RewriteEngine on
>     RewriteLog /var/log/apache2/rewrite.log
>     RewriteCond %{REQUEST_METHOD} =CONNECT
>     RewriteRule .* - [F]
> </IfModule>
>
> server-info writes:
> Module Name: mod_rewrite.c
> Content handlers: yes
> Configuration Phase Participation: Create Directory Config, Merge Directory 
> Configs, Create Server Config, Merge Server Configs
> Request Phase Participation: Translate Path, Check Type, Fixups
> Module Directives:
> 	 RewriteEngine - On or Off to enable or disable (default) the whole
> 	 rewriting engine
> 	 RewriteOptions - List of option strings to set
> 	 RewriteBase - the base URL of the per-directory context
> 	 RewriteCond - an input string and a to be applied regexp-pattern
> 	 RewriteRule - an URL-applied regexp-pattern and a substitution URL
> 	 RewriteMap - a mapname and a filename
> 	 RewriteLock - the filename of a lockfile used for inter-process
> 	 synchronization
> 	 RewriteLog - the filename of the rewriting logfile
> 	 RewriteLogLevel - the level of the rewriting logfile verbosity
> 	 (0=none, 1=std, .., 9=max)
> Current Configuration:
> 	 RewriteEngine on
> 	 RewriteLog /var/log/apache2/rewrite.log
> 	 RewriteCond %{REQUEST_METHOD} =CONNECT
> 	 RewriteRule .* - [F]
>
> but when i try it with telnet, CONNECT still works and rewrite.log is empty.
>
>
>
> On Wed, 22 Jun 2005, Axel-Stéphane  SMORGRAV wrote:
>
>>  Maybe you could try:
>>
>>  RewriteCond %{REQUEST_METHOD} =CONNECT
>>  RewriteRule .* - [F]
>>
>>  You would need mod_rewrite for this.
>>
>>  -ascs
>>
>>  -----Original Message-----
>>  From: Bohumil Holubec [mailto:bozek@mstu.cz]
>>  Sent: Tuesday, June 21, 2005 5:53 PM
>>  To: users@httpd.apache.org; Joshua Slive
>>  Subject: Re: [users@httpd] limit CONNECT
>>
>>  Thank you but in <directory> directive it doesnt work and i need that
>>  because some providers when i register new web e-mail they testing this
>>  connect...
>>
>>  On Tue, 21 Jun 2005, Joshua Slive wrote:
>> 
>> >  On 6/21/05, Bohumil Holubec <bozek@mstu.cz> wrote:
>> > >  I allready tried it but with no effects.
>> > >  In apache2.conf i have:
>> > > # LoadModule proxy_module                  modules/mod_proxy.so
>> > > # LoadModule proxy_connect_module          modules/mod_proxy_connect.so
>> > > # LoadModule proxy_ftp_module              modules/mod_proxy_ftp.so
>> > > # LoadModule proxy_http_module            modules/mod_proxy_http.so
>> > > 
>> > >  and response on telnet is still HTTP/1.1 200
>> > 
>> >  I agree that the fact the <Limit FOO> ...</Limit> winds up unsetting
>> >  the restrictions on other methods is somewhat unfortunate.  But that
>> >  ain't gonna be fixed any time soon.
>> > 
>> >  Here are some alternatives:
>> >  - Put your <Limit> inside a <Directory> section, rather than a
>> >  <Location> section.  This will ensure that it is processed before the
>> >  <Files> section.  You'll just need to be careful about it getting
>> >  overriden.
>> >  - Tell you PHP scripts to deny the CONNECT method.  Apache won't serve
>> >  them itself.  It is only because PHP gobbles up all methods that this
>> >  is an issue.
>> >  - Just ignore it.  The CONNECT method is probably being treated just
>> >  like a GET by your php scripts.  Hence it isn't doing any harm and can
>> >  be safely ignored.
>> > 
>> >  Joshua.
>> > 
>> >  ---------------------------------------------------------------------
>> >  The official User-To-User support forum of the Apache HTTP Server 
>> >  Project.
>> >  See <URL:http://httpd.apache.org/userslist.html> for more info.
>> >  To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> >  For additional commands, e-mail: users-help@httpd.apache.org
>> > 
>> > 
>>
>>  ---------------------------------------------------------------------
>>  The official User-To-User support forum of the Apache HTTP Server Project.
>>  See <URL:http://httpd.apache.org/userslist.html> for more info.
>>  To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>  For additional commands, e-mail: users-help@httpd.apache.org
>> 
>>
>>  ---------------------------------------------------------------------
>>  The official User-To-User support forum of the Apache HTTP Server Project.
>>  See <URL:http://httpd.apache.org/userslist.html> for more info.
>>  To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>  For additional commands, e-mail: users-help@httpd.apache.org
>> 
>> 
>

Mime
View raw message