Dave's Brain

logwatch connection attempts using mod proxy

Date: 2009may29
OS: Linux

Q.  What does it mean when logwatch says this:

	Connection attempts using mod_proxy:                                  
    		222.208.183.218 -> www.google.com:443: 5 Time(s)

A.  It's not good.  It means a remote program is trying to use your
Apache server as a proxy to reach another site (Google in this case).

To prevent this, do the following:

1.  Disable mod_proxy
2.  Disable CONNECT 

1.  To disable mod_proxy, comment out these lines in /etc/httpd/conf/httpd.conf:

#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so

Also comment out everything in /etc/httpd/conf.d/proxy_ajp.conf,
if present.


2.  It seems there is a bug somewhere, so that even when mod_proxy is disabled
a CONNECT attempt will return a 200 (success) status code and the contents of
your index.php file.  To stop this, make a file called /etc/httpd/conf.d/disable_connect.conf and fill it with:

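	# Refuse the CONNECT method for every URL on this server.
	# Apache 2.2 syntax; on Apache 2.4 use "Require all denied" instead
	# of the Order/Deny pair.
	<Location />
		<Limit CONNECT>
			Order deny,allow
			Deny from all
		</Limit>
	</Location>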

Restart Apache.
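
To check that the change took effect, you can summarize CONNECT requests in the access log by client, target and status code. This is an added example, not part of the original tip; it assumes the "combined" log format, and the sample log lines and log path in it are constructed or assumed.

```shell
#!/bin/sh
# Added example (not from the original tip): summarize CONNECT requests in an
# Apache access log so you can confirm they are refused after the change.
# Assumes the "combined" log format. On a real host, feed it the access log,
# e.g. connect_summary < /var/log/httpd/access_log (path is an assumption).

# Constructed sample lines using documentation addresses, not real traffic.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [29/May/2009:03:12:01 -0400] "CONNECT www.example.com:443 HTTP/1.0" 200 5120 "-" "-"
203.0.113.7 - - [29/May/2009:03:12:02 -0400] "CONNECT www.example.com:443 HTTP/1.0" 200 5120 "-" "-"
192.0.2.44 - - [29/May/2009:03:15:40 -0400] "GET /docs/CONNECT.html HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.9 - - [29/May/2009:04:01:09 -0400] "CONNECT www.example.com:443 HTTP/1.0" 403 287 "-" "-"
EOF
}

# Print one line per client/target/status:
#   <count> <client> -> <target> status=<code> <verdict>
connect_summary() {
    awk '
    {
        # The request line is the first double-quoted field.
        if (split($0, q, "\"") < 3) next
        split(q[2], req, " ")
        if (req[1] != "CONNECT") next      # skips GET /docs/CONNECT.html
        split(q[3], rest, " ")             # rest[1] is the status code
        seen[$1 " -> " req[2] " status=" rest[1]]++
    }
    END {
        for (k in seen) {
            verdict = (k ~ /status=2[0-9][0-9]$/) ? "ANSWERED" : "refused"
            printf "%d %s %s\n", seen[k], k, verdict
        }
    }' | sort
}

# Number of CONNECT requests that still received a 2xx status (want 0).
count_answered() {
    connect_summary | awk '$NF == "ANSWERED" { n += $1 } END { print n + 0 }'
}

sample_log | connect_summary
```

After the restart, new CONNECT entries should show a 403 status and the count of answered requests should stop growing.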
Copyright © 2008-2012, dave - Code samples on Dave's Brain is licensed under the Creative Commons Attribution 2.5 License. However other material, including English text has all rights reserved.