denying CONNECT() in httpd.conf

Discussion in 'Linux Networking' started by jack wallen, Jul 2, 2003.

  1. jack wallen

    jack wallen Guest

    i have been hit by a spammer using my server as a remailer. when
    i run the command:

    grep CONNECT /var/log/http/access_log

    i get the following output:

    24.30.199.228 - - [01/Jul/2003:05:58:14 -0400]
    "CONNECT security.rr.com:25 HTTP/1.0" 302 0 "-" "-"

    so i'm going to assume that the offender is security.rr.com (or
    someone using their server as a remailer to my server).

    so if i put the following in httpd.conf:

    Deny from security.rr.com

    would this deny anything from this address from exploiting
    the CONNECT() of apache (using version 1.3.27-1.2)?

    thanks for any help.

     
    jack wallen, Jul 2, 2003
    #1
    1. Advertisements

  2. jack wallen

    Darren Dupre Guest

    CONNECT only will work if you operating a proxy server,otherwise Apache will
    toss the request.

    FWIW, RoadRunner scans any SMTP servers that communitate with their own SMTP
    servers to look for potential spammers. If you're operating an open proxy,
    RR's SMTP server will blacklist you until you resolve the problem with
    RoadRunner Security. I get these in my logs too. Nothing to worry about
    unless you have an open proxy on your machine..
     
    Darren Dupre, Jul 3, 2003
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.