Re: [users@httpd] limit CONNECT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 6/21/05, Bohumil Holubec <bozek@xxxxxxx> wrote:
> I allready tried it but with no effects.
> In apache2.conf i have:
> #LoadModule proxy_module                  modules/mod_proxy.so
> #LoadModule proxy_connect_module          modules/mod_proxy_connect.so
> #LoadModule proxy_ftp_module              modules/mod_proxy_ftp.so
> #LoadModule proxy_http_module            modules/mod_proxy_http.so
> 
> and response on telnet is still HTTP/1.1 200

I agree that the fact the <Limit FOO> ...</Limit> winds up unsetting
the restrictions on other methods is somewhat unfortunate.  But that
ain't gonna be fixed any time soon.

Here are some alternatives:
- Put your <Limit> inside a <Directory> section, rather than a
<Location> section.  This will ensure that it is processed before the
<Files> section.  You'll just need to be careful about it getting
overriden.
- Tell you PHP scripts to deny the CONNECT method.  Apache won't serve
them itself.  It is only because PHP gobbles up all methods that this
is an issue.
- Just ignore it.  The CONNECT method is probably being treated just
like a GET by your php scripts.  Hence it isn't doing any harm and can
be safely ignored.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux