Re: How to prevent Spammer from abusing Apache?


 



On 6/19/07, Bob <bob@xxxxxxxxxxxxxxx> wrote:




I posted my question with subject line 'Deny CONNECT & GET http requests'.
The replies to my post came back saying that apache defaults to denying
CONNECT requests which I was not able to verify. That mod_proxy was causing
it. I have mod_proxy commented out.

So in apache http-conf around line 340 I added the <LimitExcept GET POST>

Sorry, I don't mind if you use that config yourself, but I really
can't accept you recommending that to others as the proper solution.

I have already pointed to several better techniques:
1. Properly configuring the module that is responding to CONNECT
requests (php in your case) not to handle them.
2. The default virtual host config listed here:
http://httpd.apache.org/docs/1.3/misc/FAQ.html#proxyscan
will deny all proxy-type requests.

Joshua.



Declarative like this to the default directory definition so it looks like
this.



<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    <LimitExcept GET POST>
       Require valid-user
    </LimitExcept>
</Directory>



Now the access log shows this



61.228.120.228 - - [17/Jun/2007:22:42:49 -0400] "CONNECT 66.196.97.250:25 HTTP/1.0" 500 602 "-" "-"



And the error.log shows this



[Sun Jun 17 22:42:49 2007] [crit] [client 61.228.120.228] configuration error:  couldn't perform authentication. AuthType not set!: /





As you can see the CONNECT request is now being denied with a 500.

The CONNECT requests have been stopped from attacking others.



I hope this is the kind of solution you were looking for.











-----Original Message-----
 From: Tony Anecito [mailto:adanecito@xxxxxxxxx]
 Sent: Monday, June 18, 2007 5:25 PM
 To: users@xxxxxxxxxxxxxxxx
 Subject:  How to prevent Spammer from abusing Apache?




Hi All,



I noticed someone was using CONNECT xxx.xxx.xxx.xxx http command against
Apache. I was wondering how to disable the CONNECT command from executing on
Apache. In a couple of entries I noticed a connection from Seattle that
might be a spammer so I want to disable the CONNECT command from running
successfully.



Thanks,

-Tony



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
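
Added example (not part of the original thread and not Apache project code): a Python check over access-log lines that finds proxy-type requests (CONNECT, or a method followed by an absolute URL) and separates the ones the server answered from the ones it refused. The regex assumes the common/combined log format; every sample line except the first, which is the entry quoted in the thread, is constructed.

```python
import re
from collections import Counter

# Common/combined log format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
ABSOLUTE_URI = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)

def is_proxy_type(method, target):
    """True for CONNECT, or for any method whose target is scheme://host/..."""
    return method == "CONNECT" or ABSOLUTE_URI.match(target) is not None

def scan(lines):
    """Return (findings, counts) for the proxy-type requests in the log lines."""
    findings, counts = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_proxy_type(m["method"], m["target"]):
            continue
        status = int(m["status"])
        # Below 400: some module answered the request, so check which one
        # handled it. 400 and above: the server refused or failed it.
        verdict = "answered" if status < 400 else "refused"
        counts[verdict] += 1
        findings.append({"client": m["host"], "method": m["method"],
                         "target": m["target"], "status": status,
                         "verdict": verdict})
    return findings, counts

# Sample input: line 1 is the log entry quoted in the thread; lines 2-4 are
# constructed for illustration and use documentation-range addresses.
SAMPLE = [
    '61.228.120.228 - - [17/Jun/2007:22:42:49 -0400] "CONNECT 66.196.97.250:25 HTTP/1.0" 500 602 "-" "-"',
    '192.0.2.10 - - [17/Jun/2007:22:43:01 -0400] "CONNECT 198.51.100.7:25 HTTP/1.0" 200 1456 "-" "-"',
    '192.0.2.11 - - [17/Jun/2007:22:43:05 -0400] "GET http://example.org/ HTTP/1.1" 403 210 "-" "-"',
    '192.0.2.12 - - [17/Jun/2007:22:43:09 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    found, totals = scan(SAMPLE)
    for f in found:
        print(f'{f["verdict"]:8} {f["status"]} {f["client"]:15} {f["method"]} {f["target"]}')
    print(dict(totals))
```

An "answered" entry does not by itself prove that traffic was relayed: as the reply above notes, a content module can be the one responding to CONNECT, so the next step is to find out which module produced that response.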

