httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "KAN NAN" <>
Subject Re: [users@httpd] Re: what happen in access_log
Date Thu, 02 Oct 2003 08:13:05 GMT
<html><div style='background-color:'><DIV>
<P>Hi,<BR>CONNECT commands are issued using telnet.So, your server is used as
a proxy for connecting to other sites. Usually do this to check emails or hack any mail server
or any kind of malicious attempt, so that they can suppress their IP-Address from visibility.<BR><BR>For
now I could think of two solutions:<BR>1) Decide whether u really need proxy server
feature, if not switch it off.<BR>2) Block the CONNECT command from your httpd.conf,
like this:</P>
<P>&lt;location /&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&lt;limit CONNECT&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<P><BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P>
<DIV></DIV>&gt;From: Luqman <LUQE@UNHAS.AC.ID>
<DIV></DIV>&gt;Reply-To: Luqman <LUQE@UNHAS.AC.ID>
<DIV></DIV>&gt;Subject: [users@httpd] Re: what happen in access_log 
<DIV></DIV>&gt;Date: Thu, 2 Oct 2003 15:13:42 +0800 
<DIV></DIV>&gt;this is an email reply to last week or 2 week ago 
<DIV></DIV>&gt;it's about my /var/log/apache/access_log 
<DIV></DIV>&gt;i have read the doc about proxy 
<DIV></DIV>&gt;and disabling proxyrequest 
<DIV></DIV>&gt;this is my config: 
<DIV></DIV>&gt; ProxyRequests Off 
<DIV></DIV>&gt; <DIRECTORY proxy:*>
<DIV></DIV>&gt; Order deny,allow 
<DIV></DIV>&gt; Deny from all 
<DIV></DIV>&gt; Allow from 
<DIV></DIV>&gt;but i still get this on access_log: 
<DIV></DIV>&gt; - - [02/Oct/2003:14:43:44 +0800] "CONNECT
HTTP/1.0" 200 16163 
<DIV></DIV>&gt; - - [02/Oct/2003:14:43:55 +0800] "CONNECT
HTTP/1.0" 200 16163 
<DIV></DIV>&gt; - - [02/Oct/2003:14:44:07 +0800] "GET
HTTP/1.1" 200 16273 
<DIV></DIV>&gt; - - [02/Oct/2003:14:45:36 +0800] "GET;login=&amp;.chkP=Y&amp;.done=;;passwd=420
HTTP/1.0" 200 13555 
<DIV></DIV>&gt; - - [02/Oct/2003:14:46:49 +0800] "CONNECT
HTTP/1.0" 200 16171 
<DIV></DIV>&gt; - - [02/Oct/2003:14:47:06 +0800] "CONNECT
HTTP/1.0" 200 16147 
<DIV></DIV>&gt; - - [02/Oct/2003:14:47:36 +0800] "CONNECT
HTTP/1.0" 200 16179 
<DIV></DIV>&gt;i don't know if this is normal situation or not. 
<DIV></DIV>&gt;but, please tellme what to do... 
<DIV></DIV>&gt;Best regards, 
<DIV></DIV>&gt; Luqman &gt;&gt; 
<DIV></DIV>&gt;Tuesday, September 23, 2003, 5:58:16 PM, you wrote: 
<DIV></DIV>&gt;DMea&gt; IMHO you use mod_proxy and ProxyRequests is on
and your webserver 
<DIV></DIV>&gt;DMea&gt; is used as public proxy. 
<DIV></DIV>&gt;DMea&gt; Look into the doc: 


<DIV></DIV>&gt;DMea&gt; regards Dietmar 

<DIV></DIV>&gt;The official User-To-User support forum of the Apache HTTP
Server Project. 
<DIV></DIV>&gt;See <URL:HTTP: userslist.html>for more
<DIV></DIV>&gt;To unsubscribe, e-mail:

<DIV></DIV>&gt; " from the digest:

<DIV></DIV>&gt;For additional commands, e-mail:

<DIV></DIV>&gt; </URL:HTTP:></div><br clear=all><hr>Attention
all artisans! Sell Diwali creations online. <a href="">Register
now!</a> </html>
View raw message