httpd-users mailing list archives

From "Krist van Besien" <krist.vanbes...@gmail.com>
Subject Re: [users@httpd] Strange CONNECT String
Date Sun, 18 Feb 2007 14:26:22 GMT
On 2/18/07, Graham Frank <gfrank@neoservers.com> wrote:
> Hey,
>
> System Specs:
> Apache 2.2.4 using worker MPM
> Dual Opteron 270 x86_64
>
> I'm noticing in my access_log the following:
>
> <ip removed> - - [16/Feb/2007:23:27:19 -0500] "CONNECT <domain removed>:25
> HTTP/1.0" 200 100482
>
> By the looks of it, it's accepting the request and following through?  How
> can I block connections like these?  Furthermore, how concerned should I be
> regarding this?

I think you should be concerned. Port 25 is the SMTP port, so someone
is trying (and maybe succeeding) to use your Apache server as a proxy
to contact an email server. There are usually no reasons to do this,
other than sending spam.

You need to have a look at your server config. It is usually not a good
idea to let the world use your server as a proxy. Read this:
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

Krist



-- 
krist.vanbesien@gmail.com
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
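
Added example, not part of the original message or of the Apache project: a Python script that scans an access_log in Common Log Format for forward-proxy style requests (CONNECT, or a request line carrying an absolute URI) and marks the ones the server answered with a 2xx status, like the line quoted above. The sample log lines, addresses and domains are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation addresses and example domains).
SAMPLE_LOG = """\
192.0.2.10 - - [16/Feb/2007:23:27:19 -0500] "CONNECT mail.example.net:25 HTTP/1.0" 200 100482
192.0.2.10 - - [16/Feb/2007:23:27:25 -0500] "CONNECT mail.example.org:25 HTTP/1.0" 405 312
198.51.100.7 - - [16/Feb/2007:23:28:02 -0500] "GET /index.html HTTP/1.1" 200 5120
198.51.100.9 - - [16/Feb/2007:23:29:40 -0500] "GET http://www.example.com/ HTTP/1.0" 200 7043
203.0.113.5 - - [16/Feb/2007:23:30:11 -0500] "CONNECT shop.example.com:443 HTTP/1.1" 403 210
"""

def find_proxy_attempts(log_text):
    """Return one dict per forward-proxy style request (CONNECT or absolute URI)."""
    findings = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # not a Common Log Format line
        method, target = m["method"], m["target"]
        if method == "CONNECT":
            host, _, port = target.rpartition(":")
            port = int(port) if port.isdigit() else None
        elif re.match(r"[a-z][a-z0-9+.-]*://", target, re.I):
            host, port = target, None  # absolute URI in the request line
        else:
            continue  # ordinary origin-form request for this server
        status = int(m["status"])
        findings.append({
            "client": m["client"], "method": method, "host": host, "port": port,
            "status": status,
            # 2xx: the request was not refused, so check the proxy configuration
            "accepted": 200 <= status < 300,
        })
    return findings

def summarize(findings):
    """Count proxy-style requests answered with 2xx, per client address."""
    return Counter(f["client"] for f in findings if f["accepted"])

if __name__ == "__main__":
    print(summarize(find_proxy_attempts(SAMPLE_LOG)))
```

A 2xx on an absolute-URI GET only shows the request was not refused; whether the server actually relayed it depends on the mod_proxy configuration described at the URL in the reply.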

