Dave's Brain

Browse - Computer Tips - What does it mean when logwatch says: Connection attempts using mod_proxy: 222.208.183.218 - www.google.com:443: 5 Time(s)

Date: 2009may29
OS: Linux

Q.  What does it mean when logwatch says: Connection attempts using mod_proxy: 222.208.183.218 -> www.google.com:443: 5 Time(s)

A.  Its not good.  It means a remote program is trying to go thru
your Apache server to another site (google in this case).

To prevent this do the following:

1.  Disable mod_proxy
2.  Disable CONNECT 

1.  To disable mod_proxy comment out these lines in /etc/httpd/conf/httpd.conf

#LoadModule proxy_module modules/mod_proxy.so #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so #LoadModule proxy_http_module modules/mod_proxy_http.so #LoadModule proxy_connect_module modules/mod_proxy_connect.so
Also comment out everything in /etc/httpd/conf.d/proxy_ajp.conf if present. 2. It seems there is a bug somewhere so that even when mod_proxy disabled a CONNECT attempt will return a 200 (success) status code and the contents of your index.php file. To stop this make a file called /etc/httpd/conf.d/disable_connect.conf and fill it with:
<Location /> <Limit CONNECT> Order deny,allow Deny from all </Limit> </Location>
Restart Apache.

Add a comment

Sign in to add a comment
Copyright © 2008-2017, dave - Code samples on Dave's Brain is licensed under the Creative Commons Attribution 2.5 License. However other material, including English text has all rights reserved.