httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bohumil Holubec <bo...@mstu.cz>
Subject RE: [users@httpd] limit CONNECT
Date Wed, 22 Jun 2005 19:15:57 GMT
It works fine. It's pity that cannot be as global settings.
Thank you for everything.

On Wed, 22 Jun 2005, Axel-St├ęphane  SMORGRAV wrote:

> I'll answer both your mails:
>
> 1. Add RewriteLogLevel 5 to your configuration in order to enable logging.
>
> 2. You can define the rewrite rules at the server level and then the only thing you will
need to include in your virtual hosts is:
>
> RewriteEngine On
> RewriteOptions inherit
>
> -ascs
>
> -----Original Message-----
> From: Bohumil Holubec [mailto:bozek@mstu.cz]
> Sent: Wednesday, June 22, 2005 6:48 PM
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] limit CONNECT
>
> Maybe the problem is this:
> from apache2 doc: "Note that, by default, rewrite configurations are not inherited. This
means that you need to have a RewriteEngine on directive for each virtual host in which you
wish to use it."
> but i have hundreds of virtual hosts on my server. So how can i use mod_rewrite code
as common settings?
>
> On Wed, 22 Jun 2005, Bohumil Holubec wrote:
>
>> Im not sure how to use this. Now I have in apache2.conf:
>> <IfModule mod_rewrite.c>
>>     RewriteEngine on
>>     RewriteLog /var/log/apache2/rewrite.log
>>     RewriteCond %{REQUEST_METHOD} =CONNECT
>>     RewriteRule .* - [F]
>> </IfModule>
>>
>> server-info writes:
>> Module Name: mod_rewrite.c
>> Content handlers: yes
>> Configuration Phase Participation: Create Directory Config, Merge
>> Directory Configs, Create Server Config, Merge Server Configs Request
>> Phase Participation: Translate Path, Check Type, Fixups Module
>> Directives:
>> 	 RewriteEngine - On or Off to enable or disable (default) the whole
>> 	 rewriting engine
>> 	 RewriteOptions - List of option strings to set
>> 	 RewriteBase - the base URL of the per-directory context
>> 	 RewriteCond - an input string and a to be applied regexp-pattern
>> 	 RewriteRule - an URL-applied regexp-pattern and a substitution URL
>> 	 RewriteMap - a mapname and a filename
>> 	 RewriteLock - the filename of a lockfile used for inter-process
>> 	 synchronization
>> 	 RewriteLog - the filename of the rewriting logfile
>> 	 RewriteLogLevel - the level of the rewriting logfile verbosity
>> 	 (0=none, 1=std, .., 9=max)
>> Current Configuration:
>> 	 RewriteEngine on
>> 	 RewriteLog /var/log/apache2/rewrite.log
>> 	 RewriteCond %{REQUEST_METHOD} =CONNECT
>> 	 RewriteRule .* - [F]
>>
>> but when i try it with telnet, CONNECT still works and rewrite.log is empty.
>>
>>
>>
>> On Wed, 22 Jun 2005, Axel-St├ęphane  SMORGRAV wrote:
>>
>>>  Maybe you could try:
>>>
>>>  RewriteCond %{REQUEST_METHOD} =CONNECT  RewriteRule .* - [F]
>>>
>>>  You would need mod_rewrite for this.
>>>
>>>  -ascs
>>>
>>>  -----Original Message-----
>>>  From: Bohumil Holubec [mailto:bozek@mstu.cz]
>>>  Sent: Tuesday, June 21, 2005 5:53 PM
>>>  To: users@httpd.apache.org; Joshua Slive
>>>  Subject: Re: [users@httpd] limit CONNECT
>>>
>>>  Thank you but in <directory> directive it doesnt work and i need
>>> that  because some providers when i register new web e-mail they
>>> testing this  connect...
>>>
>>>  On Tue, 21 Jun 2005, Joshua Slive wrote:
>>>
>>>>  On 6/21/05, Bohumil Holubec <bozek@mstu.cz> wrote:
>>>>>  I allready tried it but with no effects.
>>>>>  In apache2.conf i have:
>>>>> # LoadModule proxy_module                  modules/mod_proxy.so
>>>>> # LoadModule proxy_connect_module          modules/mod_proxy_connect.so
>>>>> # LoadModule proxy_ftp_module              modules/mod_proxy_ftp.so
>>>>> # LoadModule proxy_http_module            modules/mod_proxy_http.so
>>>>>
>>>>>  and response on telnet is still HTTP/1.1 200
>>>>
>>>>  I agree that the fact the <Limit FOO> ...</Limit> winds up
>>>> unsetting  the restrictions on other methods is somewhat
>>>> unfortunate.  But that  ain't gonna be fixed any time soon.
>>>>
>>>>  Here are some alternatives:
>>>>  - Put your <Limit> inside a <Directory> section, rather than
a
>>>> <Location> section.  This will ensure that it is processed before
>>>> the  <Files> section.  You'll just need to be careful about it
>>>> getting  overriden.
>>>>  - Tell you PHP scripts to deny the CONNECT method.  Apache won't
>>>> serve  them itself.  It is only because PHP gobbles up all methods
>>>> that this  is an issue.
>>>>  - Just ignore it.  The CONNECT method is probably being treated
>>>> just  like a GET by your php scripts.  Hence it isn't doing any
>>>> harm and can  be safely ignored.
>>>>
>>>>  Joshua.
>>>>
>>>>
>>>> -------------------------------------------------------------------
>>>> --  The official User-To-User support forum of the Apache HTTP
>>>> Server  Project.
>>>>  See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>>  To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>>  For additional commands, e-mail: users-help@httpd.apache.org
>>>>
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>>  The official User-To-User support forum of the Apache HTTP Server Project.
>>>  See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>  To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>  For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>>  The official User-To-User support forum of the Apache HTTP Server Project.
>>>  See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>  To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>  For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message