Subject: Re: Apache question.
To: None <kpneal@pobox.com>
From: Richard Rauch <rkr@olib.org>
List: netbsd-help
Date: 01/26/2003 04:49:21
On Sun, Jan 26, 2003 at 01:00:16AM -0500, kpneal@pobox.com wrote:
> On Sat, Jan 25, 2003 at 05:11:29AM -0600, Richard Rauch wrote:
> > I was peering through my logs, and I saw something that made me gape
> > in horror: Someone was connecting to my web-server using a CONNECT
[...]
> >
> > I had set up Apache 2 to play with. It looks like Apache declined
> > the CONNECT request, but it didn't log to error_log.
[...]
>
> <Location />
> Order allow,deny
> Deny from all
> <Limit GET PUT POST>
> Allow from all
> <Llimit>
> </Location>
You didn't answer my question if I should be concerned. Are you implying
that it *did* go through? Or is the above a "just in case" or "just to
make things explicit"?
I tried to do a hand-crafted CONNECT via a telnet to my web-server, and
it dropped the connection as soon as I sent the request. Like the two
that I saw previously in my log file: It was logged to access_log,
but did not have an error_log entry. So I assume that, like my
hand-crafted request, the two attempted forwarded mail connects
were dropped.
Is this correct?
--
"I probably don't know what I'm talking about." --rkr@olib.org