RE: [users@httpd] limit CONNECT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: RE: [users@httpd] limit CONNECT
From: Bohumil Holubec <bozek@xxxxxxx>
Date: Wed, 22 Jun 2005 10:19:16 +0200 (CEST)
Delivered-to: apmail-httpd-users-archive@xxxxxxxxxxxxxx
Delivered-to: apmail-httpd-users-archive@xxxxxxxxxxxxxxxx
Delivered-to: mailing list users@xxxxxxxxxxxxxxxx
In-reply-to: <8C29B2F93BAE9047A906EF6D6F9C5D4330766E@xxxxxxxxxxxxxxxxxxxxx>
Mailing-list: contact users-help@xxxxxxxxxxxxxxxx; run by ezmlm
References: <8C29B2F93BAE9047A906EF6D6F9C5D4330766E@xxxxxxxxxxxxxxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx

Im not sure how to use this. Now I have in apache2.conf:
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteLog /var/log/apache2/rewrite.log
    RewriteCond %{REQUEST_METHOD} =CONNECT
    RewriteRule .* - [F]
</IfModule>

server-info writes:
Module Name: mod_rewrite.c
Content handlers: yes

Configuration Phase Participation: Create Directory Config, MergeDirectory Configs, Create Server Config, Merge Server Configs

Request Phase Participation: Translate Path, Check Type, Fixups
Module Directives:
	RewriteEngine - On or Off to enable or disable (default) the whole
	rewriting engine
	RewriteOptions - List of option strings to set
	RewriteBase - the base URL of the per-directory context
	RewriteCond - an input string and a to be applied regexp-pattern
	RewriteRule - an URL-applied regexp-pattern and a substitution URL
	RewriteMap - a mapname and a filename
	RewriteLock - the filename of a lockfile used for inter-process
	synchronization
	RewriteLog - the filename of the rewriting logfile
	RewriteLogLevel - the level of the rewriting logfile verbosity (0=none, 1=std, .., 9=max)
Current Configuration:
	RewriteEngine on
	RewriteLog /var/log/apache2/rewrite.log
	RewriteCond %{REQUEST_METHOD} =CONNECT
	RewriteRule .* - [F]

but when i try it with telnet, CONNECT still works and rewrite.log isempty.




On Wed, 22 Jun 2005, Axel-Stéphane  SMORGRAV wrote:

Maybe you could try:

RewriteCond %{REQUEST_METHOD} =CONNECT
RewriteRule .* - [F]

You would need mod_rewrite for this.

-ascs

-----Original Message-----
From: Bohumil Holubec [mailto:bozek@xxxxxxx]
Sent: Tuesday, June 21, 2005 5:53 PM
To: users@xxxxxxxxxxxxxxxx; Joshua Slive
Subject: Re: [users@httpd] limit CONNECT

Thank you but in <directory> directive it doesnt work and i need that because some providers when i register new web e-mail they testing this connect...

On Tue, 21 Jun 2005, Joshua Slive wrote:

On 6/21/05, Bohumil Holubec <bozek@xxxxxxx> wrote:

I allready tried it but with no effects.
In apache2.conf i have:
#LoadModule proxy_module                  modules/mod_proxy.so
#LoadModule proxy_connect_module          modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module              modules/mod_proxy_ftp.so
#LoadModule proxy_http_module            modules/mod_proxy_http.so

and response on telnet is still HTTP/1.1 200


I agree that the fact the <Limit FOO> ...</Limit> winds up unsetting
the restrictions on other methods is somewhat unfortunate.  But that
ain't gonna be fixed any time soon.

Here are some alternatives:
- Put your <Limit> inside a <Directory> section, rather than a
<Location> section.  This will ensure that it is processed before the
<Files> section.  You'll just need to be careful about it getting
overriden.
- Tell you PHP scripts to deny the CONNECT method.  Apache won't serve
them itself.  It is only because PHP gobbles up all methods that this
is an issue.
- Just ignore it.  The CONNECT method is probably being treated just
like a GET by your php scripts.  Hence it isn't doing any harm and can
be safely ignored.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

Follow-Ups:
- RE: [users@httpd] limit CONNECT
  - From: Bohumil Holubec

References:
- RE: [users@httpd] limit CONNECT
  - From: Axel-Stéphane SMORGRAV

Prev by Date: Re: [users@httpd] How to close connection instead of sending 403?
Next by Date: RE: [users@httpd] WAP .htaccess authentication
Previous by thread: RE: [users@httpd] limit CONNECT
Next by thread: RE: [users@httpd] limit CONNECT
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]