On 6/16/07, Bob <bob@xxxxxxxxxxxxxxx> wrote:
I get 100k plus of these per month. This is really stressing my server.

88.233.57.141 - - "GET http://yasann2.hp.infoseek.co.jp/cgi-bin/jenv.cgi HTTP/1.1" 404 300 "http://yasann2.hp.infoseek.co.jp/cgi-bin/jenv.cgi"
125.225.140.225 - "CONNECT 209.191.118.103:25 HTTP/1.0" 200 7034 "-" "-"

Running FBSD 6.2 + apache 1.3.37_1 and the mod_proxy is commented out. I want to add declaratives to http-conf to globally deny processing all CONNECT & GET http requests entering the server.

Start by reading: http://httpd.apache.org/docs/1.3/misc/FAQ.html#proxyscan

You'll see that the GET requests are already being handled perfectly correctly. There is nothing more you need do (and indeed, not much more you can do even if you wanted to; you could make apache issue a 403 status code instead of 404, but it wouldn't make any difference).

You should, of course, double-check that the 404 is being generated by your server and not the remote servers. You could do this, for example, by pointing your browser's proxy settings at your web server and requesting foreign sites.

The CONNECT requests are slightly different. I suspect that 7034 (the size of the responses) is actually the size of the response generated by your default index page on the site. Further, I suspect that this page is generated by php. In a default configuration, apache will respond with Method Not Allowed to CONNECT requests, but php allows any method at all through to its scripts. I believe there is a php config to allow only particular methods through.

Joshua.
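
The log triage described in the reply above, as an added Python example that is not part of the original thread: it separates proxy-style requests (CONNECT, or an absolute URI naming a foreign host) from normal traffic and sorts them by whether the server refused them or answered 2xx with a body the size of the local index page. The `local_hosts` and `index_size` parameters, the verdict labels and the sample lines are assumptions made for this illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Matches the client, request, status and size fields of the log format quoted
# above (also tolerates a [timestamp] field between client and request).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)')

def classify(line, local_hosts=frozenset(), index_size=None):
    """Return (ip, kind, verdict) for a proxy-style request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    method, target = m["method"], m["target"]
    if method == "CONNECT":
        kind = "connect"
    elif "://" in target:
        # Absolute-form URI: only a probe if it names somebody else's host.
        if (urlsplit(target).hostname or "").lower() in local_hosts:
            return None
        kind = "absolute-uri"
    else:
        return None  # ordinary origin-form request
    status = int(m["status"])
    size = 0 if m["size"] == "-" else int(m["size"])
    if status >= 400:
        verdict = "refused"          # server rejected it; nothing was relayed
    elif index_size is not None and size == index_size:
        verdict = "local-page"       # 2xx, but body is our own index page
    else:
        verdict = "investigate"      # 2xx/3xx with an unexplained body size
    return m["ip"], kind, verdict

def summarize(lines, **kw):
    hits = filter(None, (classify(l, **kw) for l in lines))
    return Counter((kind, verdict) for _, kind, verdict in hits)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - "GET http://other.example.net/cgi-bin/env.cgi HTTP/1.1" 404 300 "-"',
    '198.51.100.7 - "CONNECT 203.0.113.5:25 HTTP/1.0" 200 7034 "-" "-"',
    '198.51.100.7 - "CONNECT 203.0.113.5:25 HTTP/1.0" 200 0 "-" "-"',
    '192.0.2.44 - - "GET /index.php HTTP/1.1" 200 7034 "-" "-"',
    '192.0.2.44 - - "GET http://www.example.org/ HTTP/1.1" 200 7034 "-" "-"',
]

if __name__ == "__main__":
    opts = dict(local_hosts={"www.example.org"}, index_size=7034)
    for key, n in summarize(SAMPLE, **opts).items():
        print(n, *key)
```

Measure `index_size` by requesting the site's default page directly; anything left in the "investigate" bucket is what deserves the manual proxy test suggested in the reply.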