Joshua, it seems you've also covered this ground :-) before:
From "Joshua Slive" <jos...@xxxxxxxx> Subject Re: Deny CONNECT & GET http requests Date Tue, 19 Jun 2007 23:40:36 GMT On 6/19/07, Bob <bob@xxxxxxxxxxxxxxx> wrote:You are wrongReally? Interesting. Well, no actually, I'm not. But it's nice how confident you are about your knowledge on this issue., my original post showed the CONNECT requests having a 200 status code which means apache did service them successfullyAs I've told you repeatedly, php was almost certainly treating the CONNECT request just like a GET request. So the CONNECT was not succeeding in the sense of connecting to a third-party server. It was simply serving your index.php page.My book says a 500 code is a common error when a client calls a flawed CGI script.And this is not the "correct" status code. The correct status code is 403 (forbidden). But as I already said, the status code is not that important since the robots don't care. (And, in fact, the original 200 status code wasn't really a problem either unless your index.php script uses up lots of resources. So you could have just left things as they were.)I have read the php manual concerning selecting individual methods. I could not find any mention of how to tell php to limit it self to only using desired methods. A link to the php manual where it explains how to restrict php to only allow the use of selected methods would go a long way to support your view point. Providing a how to fix it post like I did is far better then a reply spouting apache dogma. Results are what count here.I'm not here to win a debate with you. I'm just here to try to help you understand how your server is working. For php configuration questions you are better off on a php list. But I have already given you explicit instructions: "I believe you can set http.allowed_methods in your php config to the list of methods php should handle. (GET and POST would be a good basic list.)" This is documented here: http://www.php.net/manual/en/ini.php As I've also already told you, your current config should be fine. But don't go recommending it to others as the proper solution when there are many cleaner and safer solutions available (and listed in the FAQ). Joshua.
-------- Original Message -------- Subject: Re: Wacko Incoming URLs in Log File From: Joshua Slive <joshua@xxxxxxxx> To: users@xxxxxxxxxxxxxxxx Date: Saturday, November 03, 2007 11:53:13 AM
On Nov 3, 2007 12:40 PM, Roger Haase <haaserd@xxxxxxxxx> wrote:About once a week or more often, I get some unusual entries in my apache log file similar to these: 159.148.97.91 - - [31/Oct/2007:23:44:31 -0700] "CONNECT 195.175.37.70:8080 HTTP/1.0" 302 102 "-" "-" 159.148.97.91 - - [31/Oct/2007:23:44:32 -0700] "CONNECT 159.148.96.222:80 HTTP/1.0" 302 102 "-" "-" 159.148.97.91 - - [31/Oct/2007:23:44:32 -0700] "GET http://www.hi.lv:80/counter1.php HTTP/1.0" 404 284 "-" "-" 159.148.97.91 - - [31/Oct/2007:23:44:33 -0700] "GET http://www.hi.lv:80/counter1.php HTTP/1.0" 404 284 "-" "-" I am in Arizona and the traffic seems to originate in Amsterdam. The www.hi.lv host apears to be in Latvia. My IP address is no where near 195.175.37.70 or 159.148.96.222. On the other occasions, the urls are from other equally strange locations and never seem to repeat. On most occasions, there is only one entry at a time. Is this misdirected internet junk that I should report to my ISP as their problem or is this a hacker attempt?See: http://wiki.apache.org/httpd/ProxyAbuse Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx