Thanks Karel,

I will implement your suggestions immediately. I already blocked in my router
the company that was making the attempt from Seattle.

Many Thanks,
-Tony

Karel Kubat <[EMAIL PROTECTED]> wrote:

Hi Tony,

On Jun 18, 2007, at 11:25 PM, Tony Anecito wrote:

> I noticed someone was using CONNECT xxx.xxx.xxx.xxx http command 
> against Apache. I was wondering how to disable the CONNECT command 
> from executing on Apache. In a couple of entries I noticed a 
> connection from Seattle that might be a spammer so I want to 
> disable the CONNECT command from running successfully.

I'd advise you to CLOSE THIS IMMEDIATELY. Before long your site will 
be on lists of open proxies and you'll be denied traffic. And trust 
me, it's a huge pain getting off those lists. Until you fix this 
issue, don't advertise your site - there will be plenty of spambots 
checking the openness of your proxy.

See the proxy documentation, off the top of my head (check the docs, 
I can't access them now but want to leave at least a pointer) there 
are at least 3 alternatives:

# 1. If you have a reverse proxy only, you don't need to serve proxy requests
ProxyRequests off

or

# 2. If you have a forwarding proxy, then you must serve proxy requests.
# Use a whitelist of the systems that are allowed to do so, and close all
# others. I'm not sure this is the right syntax btw...
<Proxy *>
order deny,allow
deny from all
allow from 127.0.0.1
</Proxy>

or

3. Have your proxy listen to some odd port, say 8080, set up as a 
virtual server. Allow proxy requests only in that virtual server. 
Have your internal LAN users (who use Apache as a forwarding proxy to 
get to the outside) connect to that port, but close access to the 
port from the outside on the OS level, e.g. on Linux with iptables.

Hope this helps,
Karel


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
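
Added example, not part of the original thread: a log check for the CONNECT requests Tony describes, showing which clients were refused and which got a 2xx answer. It assumes the access log uses the common/combined log format; the sample lines are constructed, and treating a 2xx answer to CONNECT as "review this" is a working assumption to confirm against the proxy configuration.

```python
import re
from collections import defaultdict

# Common/combined log format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

def connect_attempts(lines):
    """Group CONNECT requests by client, split into refused and 2xx responses."""
    report = defaultdict(lambda: {"refused": [], "accepted": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "CONNECT":
            continue  # unparsable line or an ordinary request
        status = int(m.group("status"))
        bucket = "accepted" if 200 <= status < 300 else "refused"
        report[m.group("host")][bucket].append((m.group("target"), status))
    return dict(report)

def open_proxy_suspects(report):
    """Clients whose CONNECT got a 2xx: the server may have tunnelled for them."""
    return sorted(host for host, r in report.items() if r["accepted"])

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [18/Jun/2007:21:02:11 -0600] "CONNECT 192.0.2.25:25 HTTP/1.0" 200 -
203.0.113.7 - - [18/Jun/2007:21:02:40 -0600] "CONNECT 192.0.2.26:25 HTTP/1.0" 200 -
198.51.100.4 - - [18/Jun/2007:21:05:03 -0600] "CONNECT 192.0.2.25:25 HTTP/1.0" 405 312
192.0.2.50 - - [18/Jun/2007:21:06:00 -0600] "GET /index.html HTTP/1.1" 200 1043
""".splitlines()

if __name__ == "__main__":
    report = connect_attempts(SAMPLE_LOG)
    for host in sorted(report):
        r = report[host]
        print(f"{host}: {len(r['accepted'])} accepted, {len(r['refused'])} refused")
    print("review:", open_proxy_suspects(report))
```

After applying one of the configuration changes above, rerunning the check on fresh log lines should show every CONNECT in the refused column.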



       