What does it mean when logwatch says: Connection attempts using mod_proxy: 222.208.183.218 - www.google.com:443: 5 Time(s)

Computer Tips - What does it mean when logwatch says: Connection attempts using mod_proxy: 222.208.183.218 - www.google.com:443: 5 Time(s)

Date: 2009may29 OS: Linux Product: Apache Q. What does it mean when logwatch says: Connection attempts using mod_proxy: 222.208.183.218 -> www.google.com:443: 5 Time(s) A. Its not good. It means a remote program is trying to go thru your Apache server to another site (google in this case). To prevent this do the following: 1. Disable mod_proxy 2. Disable CONNECT 1. To disable mod_proxy comment out these lines in /etc/httpd/conf/httpd.conf

#LoadModule proxy_module modules/mod_proxy.so #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so #LoadModule proxy_http_module modules/mod_proxy_http.so #LoadModule proxy_connect_module modules/mod_proxy_connect.so

Also comment out everything in /etc/httpd/conf.d/proxy_ajp.conf if present. 2. It seems there is a bug somewhere so that even when mod_proxy disabled a CONNECT attempt will return a 200 (success) status code and the contents of your index.php file. To stop this make a file called /etc/httpd/conf.d/disable_connect.conf and fill it with: Apache 2.4

<Location /> <Limit CONNECT> Require all denied </Limit> </Location>

Apache 2.2

<Location /> <Limit CONNECT> Order deny,allow Deny from all </Limit> </Location>

Restart Apache.