httpd-users mailing list archives

From "Joshua Slive" <jos...@slive.ca>
Subject Re: [users@httpd] Deny CONNECT & GET http requests
Date Sun, 17 Jun 2007 02:04:19 GMT
On 6/16/07, Bob <bob@a1poweruser.com> wrote:
> I get 100k plus of these per month. This is really stressing my server.
>
> 88.233.57.141 - - "GET http://yasann2.hp.infoseek.co.jp/cgi-bin/jenv.cgi
> HTTP/1.1" 404 300 "http://yasann2.hp.infoseek.co.jp/cgi-bin/jenv.cgi"

> 125.225.140.225 - "CONNECT 209.191.118.103:25 HTTP/1.0" 200 7034 "-" "-"

> Running FBSD 6.2 + apache 1.3.37_1 and the mod_proxy is commented out.
>
> I want to add declaratives to http-conf to globally deny processing
> all CONNECT & GET http requests entering the server.

Start by reading:
http://httpd.apache.org/docs/1.3/misc/FAQ.html#proxyscan

You'll see that the GET requests are already being handled perfectly
correctly. There is nothing more you need do (and indeed, not much
more you can do even if you wanted to; you could make apache issue a
403 status code instead of 404, but it wouldn't make any difference).
You should, of course, double-check that the 404 is being generated by
your server and not the remote servers. You could do this, for
example, by pointing your browser's proxy settings at your web server
and requesting foreign sites.

The CONNECT requests are slightly different. I suspect that 7034 (the
size of the responses) is actually the size of the response generated
by your default index page on the site. Further, I suspect that this
page is generated by php. In a default configuration, apache will
respond with Method Not Allowed to CONNECT requests, but php allows
any method at all through to its scripts. I believe there is a php
config to allow only particular methods through.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
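
An added example, not part of the original message: a small access-log triage script for the two request shapes discussed above. It separates probes the server refused from probes that got a 2xx page back (the CONNECT/200/7034 case). The sample lines, addresses, `OWN_HOSTS` and the function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Request line, status and size as written in common/combined log format.
REQ = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
                 r'(?P<status>\d{3}) (?P<size>\d+|-)')

def classify(line, own_hosts=frozenset()):
    """Return (kind, verdict) for a proxy-style request, None for anything else."""
    m = REQ.search(line)
    if not m:
        return None
    method, target, status = m["method"], m["target"], int(m["status"])
    if method == "CONNECT":
        kind = "connect"
    elif target.lower().startswith(("http://", "https://")):
        try:
            host = urlsplit(target).hostname or ""
        except ValueError:  # malformed authority in the request target
            host = ""
        # An absolute URI naming one of our own hosts is ordinary HTTP/1.1 traffic.
        if host in own_hosts:
            return None
        kind = "absolute-uri"
    else:
        return None
    # A 2xx means some handler produced a page for the probe: check what served it.
    verdict = "investigate" if 200 <= status < 300 else "refused"
    return kind, verdict

def summarize(lines, own_hosts=frozenset()):
    """Count proxy-style requests by (kind, verdict)."""
    return Counter(r for r in (classify(l, own_hosts) for l in lines) if r)

# Constructed sample lines (documentation addresses and hostnames, not real traffic).
OWN_HOSTS = frozenset({"www.example.org"})
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jun/2007:10:00:01 +0000] "GET http://other.example.net/cgi-bin/env.cgi HTTP/1.1" 404 300 "-" "-"',
    '192.0.2.11 - - [16/Jun/2007:10:00:02 +0000] "CONNECT 198.51.100.7:25 HTTP/1.0" 200 7034 "-" "-"',
    '192.0.2.12 - - [16/Jun/2007:10:00:03 +0000] "CONNECT 198.51.100.7:25 HTTP/1.0" 405 312 "-" "-"',
    '192.0.2.13 - - [16/Jun/2007:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 7034 "-" "Mozilla/5.0"',
    '192.0.2.14 - - "GET http://www.example.org/ HTTP/1.1" 200 7034 "-" "-"',
]

if __name__ == "__main__":
    for (kind, verdict), n in sorted(summarize(SAMPLE_LOG, OWN_HOSTS).items()):
        print(f"{kind:13} {verdict:12} {n}")
```

A line reported as "investigate" is not proof of an open proxy; it only marks responses whose origin still needs the manual check described in the message.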

