On Sun, Jan 26, 2003 at 01:00:16AM -0500, kpneal@pobox.com wrote:
> On Sat, Jan 25, 2003 at 05:11:29AM -0600, Richard Rauch wrote:
> > I was peering through my logs, and I saw something that made me gape
> > in horror: Someone was connecting to my web-server using a CONNECT
 [...]
> > 
> > I had set up Apache 2 to play with.  It looks like Apache declined
> > the CONNECT request, but it didn't log to error_log.
 [...]
> 
> <Location />
> Order allow,deny
> Deny from all
>  <Limit GET PUT POST>
>  Allow from all
>  <Llimit>
> </Location>

You didn't answer my question if I should be concerned.  Are you implying
that it *did* go through?  Or is the above a "just in case" or "just to
make things explicit"?

I tried to do a hand-crafted CONNECT via a telnet to my web-server, and
it dropped the connection as soon as I sent the request.  Like the two
that I saw previously in my log file: It was logged to access_log,
but did not have an error_log entry.  So I assume that, like my
hand-crafted request, the two attempted forwarded mail connects
were dropped.


Is this correct?


-- 
  "I probably don't know what I'm talking about."  --rkr@olib.org