Re: [suse-security] Apache log "CONNECT a.b.c.d:25" "200" (fwd)
> ok, I found this in my personal archive,
> and the link is even still valid:
> Bug #19113
> HTTP status 200 returned on HTTP CONNECT when mod_proxy not in use
> Lars Ellenberg
Thank you Lars for your help!
I have looked at the bug report, and applied the
following 'patch' to httpd.conf, after my DocRoot Directory
This is followed by another Directory listing to deny access
to the rest of my srv docs.
I only want to allow access to the root directory, so others
can get my site homepage by just entering the domain name
of the machine.
Allow from all
# remove the CONNECT bug #
Deny from all
# end of httpd.conf
However, when I do
karsites:/home/keith # telnet localhost 80
telnet: connect to address ::1: Connection refused
Connected to localhost.
Escape character is '^]'.
CONNECT 127.0.0.1:80 HTTP/1.0
Without the fix to limit CONNECT, I get the raw source code
from my DirectoryIndex page, karsites.hml
With the patch applied to httpd.conf I get the following:
HTTP/1.1 403 Forbidden
Date: Sat, 28 Feb 2004 15:07:07 GMT
Server: Apache/1.3.26 (Linux/SuSE)
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
You don't have permission to access /
on this server.<P>
<ADDRESS>Apache/1.3.26 Server at <A
Connection closed by foreign host.
Which is just the source code for the Apache generated error
The access_log now records the correct details -
127.0.0.1 - - [28/Feb/2004:15:34:27 +0000] "CONNECT
127.0.0.1:80 HTTP/1.0" 403 311
NB is it possible for an attacker to ftp to my machine, and
use the above technique to download the source code of my
Kind Regards - Keith Roberts
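
Added example, not part of the original message: a Python check that scans access_log lines in the format quoted above and separates CONNECT requests answered with a 2xx status from those refused. The function names are assumptions, and the sample lines are constructed except for the 403 entry, which mirrors the one in the message.

```python
import re
from collections import defaultdict

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

def parse_connect(line):
    """Return (host, target, status) for a CONNECT request line, else None."""
    m = CLF.match(line)
    if not m:
        return None
    parts = m.group("request").split()
    if len(parts) < 2 or parts[0].upper() != "CONNECT":
        return None
    return m.group("host"), parts[1], int(m.group("status"))

def audit_connects(lines):
    """Split CONNECT requests into those answered 2xx and those refused."""
    report = {"accepted": defaultdict(list), "refused": defaultdict(list)}
    for line in lines:
        hit = parse_connect(line)
        if hit is None:
            continue  # not a CONNECT request, or not a parseable log line
        host, target, status = hit
        bucket = "accepted" if 200 <= status < 300 else "refused"
        report[bucket][host].append((target, status))
    return {k: dict(v) for k, v in report.items()}

# Constructed sample input; the 403 entry mirrors the one in the message,
# the other addresses are documentation ranges (RFC 5737).
SAMPLE = [
    '127.0.0.1 - - [28/Feb/2004:15:34:27 +0000] "CONNECT 127.0.0.1:80 HTTP/1.0" 403 311',
    '192.0.2.10 - - [28/Feb/2004:15:40:02 +0000] "CONNECT 198.51.100.7:25 HTTP/1.0" 200 2048',
    '192.0.2.10 - - [28/Feb/2004:15:40:05 +0000] "GET / HTTP/1.0" 200 2048',
    'not a log line',
]

if __name__ == "__main__":
    result = audit_connects(SAMPLE)
    for host, hits in result["accepted"].items():
        print(f"CONNECT answered 2xx for {host}: {hits}")
    for host, hits in result["refused"].items():
        print(f"CONNECT refused for {host}: {hits}")
```

An "accepted" entry matches the behaviour in the bug report title (status 200 on CONNECT with mod_proxy not in use), so it shows which clients and targets to review rather than proving a tunnel was opened.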