Deny CONNECT & GET http requests

I get 100k plus of these per month. This is really stressing my server.

88.233.57.141 - - "GET http://yasann2.hp.infoseek.co.jp/cgi-bin/jenv.cgi
HTTP/1.1" 404 300 "http://yasann2.hp.infoseek.co.jp/cgi-bin/jenv.cgi";
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
88.233.57.141 - - "GET http://66.197.42.23/cgi-bin/jenv.cgi HTTP/1.1" 404
300 "http://66.197.42.23/cgi-bin/jenv.cgi"; "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1)"
217.15.9.13 - -   "GET http://217.15.9.13:80/sex/fuck/porn/judge.php
HTTP/1.1" 404 307 "http://217.15.9.13:80/sex/fuck/porn/judge.php";
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
217.15.9.13 - -   "GET http://217.15.9.13:80/sex/fuck/porn/judge.php
HTTP/1.1" 404 307 "http://217.15.9.13:80/sex/fuck/porn/judge.php";
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
216.90.33.33 - -  "GET http://pro_xy.t35.com/AZ.php HTTP/1.1" 404 290
"http://pro_xy.t35.com/AZ.php"; "Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT 5.1)"
216.90.33.33 - -  "GET http://pro_xy.t35.com/AZ.php HTTP/1.1" 404 290
"http://pro_xy.t35.com/AZ.php"; "Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT 5.1)"
83.233.169.111 - -"GET http://www.ed.ac.uk/cgi-bin/env.cgi HTTP/1.1" 404 299
"http://www.ed.ac.uk/cgi-bin/env.cgi"; "Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.1)"
83.233.169.111 - -"GET http://www.bsnoop.de/cgi-bin/jenv.cgi HTTP/1.1" 404
300 "http://www.bsnoop.de/cgi-bin/jenv.cgi"; "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1)"
84.178.171.91 - - "GET http://anonymous-judge.no-ip.org/azenv.php HTTP/1.1"
404 293 "http://anonymous-judge.no-ip.org/azenv.php"; "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1)"
84.178.171.91 - - "GET http://www.proxyworld.org/azenv.php HTTP/1.1" 404 293
"http://www.proxyworld.org/azenv.php"; "Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.1)"
91.92.179.187 - - "GET http://www.internetsec.org/azenv.php HTTP/1.1" 404
293 "http://www.internetsec.org/azenv.php"; "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1)"
91.92.179.187 - - "GET http://sevy.eu.org/azenv.php HTTP/1.1" 404 293
"http://sevy.eu.org/azenv.php"; "Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT 5.1)"
99.243.241.161 - -"GET http://www.anonymitytest.com/cgi-bin/azenv.pl
HTTP/1.1" 404 300 "http://www.anonymitytest.com/cgi-bin/azenv.pl";
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
99.243.241.161 - -"GET http://www.ipmaster.org/cgi-bin/textenv.pl HTTP/1.1"
404 302 "http://www.ipmaster.org/cgi-bin/textenv.pl"; "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1)"
71.145.170.187 - -"GET http://www.anonymitytest.com/cgi-bin/azenv.pl
HTTP/1.1" 404 300 "http://www.anonymitytest.com/cgi-bin/azenv.pl";
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
71.145.170.187 - -"GET http://www.anonymitytest.com/cgi-bin/textenv.pl
HTTP/1.1" 404 302 "http://www.anonymitytest.com/cgi-bin/textenv.pl";
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
125.225.140.225 - "CONNECT 209.191.118.103:25 HTTP/1.0" 200 7034 "-" "-"
125.225.140.225 - "CONNECT 68.142.237.182:25 HTTP/1.0" 200 7034 "-" "-"
125.225.140.225 - "CONNECT 216.39.53.2:25 HTTP/1.0" 200 7034 "-" "-"
125.225.140.225 - "CONNECT 168.95.5.145:25 HTTP/1.0" 200 7034 "-" "-"
125.225.140.225 - "CONNECT 168.95.5.212:25 HTTP/1.0" 200 7034 "-" "-"
125.225.140.225 - "CONNECT 168.95.5.140:25 HTTP/1.0" 200 7034 "-" "-"
61.228.127.171 - -"CONNECT 209.191.118.103:25 HTTP/1.0" 200 7034 "-" "-"
61.228.127.171 - -"CONNECT 216.39.53.3:25 HTTP/1.0" 200 7034 "-" "-"
61.228.127.171 - -"CONNECT 216.39.53.2:25 HTTP/1.0" 200 7034 "-" "-"
61.228.127.171 - -"CONNECT 168.95.5.209:25 HTTP/1.0" 200 7034 "-" "-"
61.228.127.171 - -"CONNECT 168.95.5.214:25 HTTP/1.0" 200 7034 "-" "-"
61.228.127.171 - -"CONNECT 168.95.5.252:25 HTTP/1.0" 200 7034 "-" "-"

Running FBSD 6.2 + apache 1.3.37_1 and the mod_proxy is commented out.

I want to add declaratives to http-conf to globally deny processing
all CONNECT & GET http requests entering the server.


SetEnvIf  THE_REQUEST CONNECT* drop
SetEnvIf  THE_REQUEST GET http:* drop

<Directory />
 order allow,deny
 allow from all
 deny from env=drop
</Directory>


My question is: will the above declaratives do what I want?
I need an expert review.

Thanks all
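
Added example, not part of the original post: a small Python triage script for access-log lines in the abbreviated format shown above. It counts absolute-URI GET requests and CONNECT requests per client, and lists the ones the server answered with a 2xx status (like the CONNECT lines above) separately from those already refused with 404. The sample lines, addresses and host names are constructed for illustration.

```python
import re
from collections import Counter

# Client address, request line, status and size, as laid out in the log excerpt above.
LINE_RE = re.compile(
    r'^(?P<ip>\S+)[^"]*"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
    r'\s+(?P<status>\d{3})\s+(?P<size>\S+)'
)
# A request target that starts with a scheme is a proxy-style (absolute-URI) request.
ABSOLUTE_URI_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.IGNORECASE)

# Constructed sample lines (documentation address ranges, example host names).
SAMPLE = [
    '192.0.2.10 - - "GET http://judge.example.net/azenv.php HTTP/1.1" 404 293 "-" "Mozilla/4.0"',
    '192.0.2.10 - -"GET http://judge.example.org/cgi-bin/env.cgi HTTP/1.1" 404 299 "-" "Mozilla/4.0"',
    '198.51.100.7 - "CONNECT 203.0.113.25:25 HTTP/1.0" 200 7034 "-" "-"',
    '198.51.100.7 - "CONNECT 203.0.113.26:25 HTTP/1.0" 200 7034 "-" "-"',
    '203.0.113.99 - - "GET /index.html HTTP/1.1" 200 7034 "-" "Mozilla/5.0"',
]

def classify(line):
    """Return a record for a proxy-style request, or None for ordinary traffic."""
    m = LINE_RE.match(line)
    if not m:
        return None
    if m["method"] == "CONNECT":
        kind = "connect"
    elif ABSOLUTE_URI_RE.match(m["target"]):
        kind = "absolute-uri"
    else:
        return None
    return {"ip": m["ip"], "kind": kind, "target": m["target"],
            "status": int(m["status"])}

def summarize(lines):
    """Count proxy-style requests per (client, kind) and collect 2xx answers."""
    per_client = Counter()
    answered_2xx = []
    for line in lines:
        rec = classify(line)
        if rec is None:
            continue
        per_client[(rec["ip"], rec["kind"])] += 1
        if 200 <= rec["status"] < 300:
            answered_2xx.append(rec)  # not refused: check these by hand
    return per_client, answered_2xx

if __name__ == "__main__":
    counts, review = summarize(SAMPLE)
    for (ip, kind), n in counts.most_common():
        print(f"{ip:15} {kind:13} {n}")
    for rec in review:
        print("answered 2xx:", rec["ip"], rec["kind"], rec["target"])
```

Running the same script before and after a configuration change shows whether CONNECT and absolute-URI requests have moved from the 2xx list to a refusal status.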









---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.