Thread: CONNECT lines in apache access log

  1. #1
    Join Date
    Nov 2008
    Posts
    17

    Hello forum-goers!

    I'm seeing lines like this in my Apache access log:
    Code:
    58.148.15.126 - - [30/Mar/2009:15:03:28 -0400] "CONNECT www.google.com:443 HTTP/1.0" 200 2195
    58.148.15.126 - - [30/Mar/2009:15:03:28 -0400] "CONNECT www.google.com:443 HTTP/1.0" 200 2195
    58.148.15.126 - - [30/Mar/2009:15:03:28 -0400] "CONNECT mail.global.frontbridge.com:25 HTTP/1.0" 200 2195
    From what I've read, these are attempts to use my server as a mail proxy. I reproduced the line in the logs by telnet'ing into my box and sending a CONNECT request like so:

    Code:
    $ telnet www.somehost.com 80
    Trying ###.###.###.###...
    Connected to www.somehost.com.
    Escape character is '^]'.
    CONNECT www.google.com:80 HTTP/1.0
    Host: www.somehost.com
    
    <hit enter twice>
    I discovered that Apache returns a 200 response instead of the 403 I would prefer, but it serves my index.php file (the DirectoryIndex file).

    Does anyone know if/why this is a bad setup? If so, can you recommend a better way of approaching these requests?

  2. #2
    Join Date
    Jul 2007
    Location
    127.0.0.1
    Posts
    392

    Not sure how to resolve the issue with Apache, but Lighttpd appears to prevent this by default, unless it's an option I'm unfamiliar with.
    Code:
    vps6:~# telnet nullamatix.com. 80
    Trying 209.40.196.119...
    Connected to nullamatix.com.
    Escape character is '^]'.
    CONNECT www.google.com.:80 HTTP/1.0
    Connection closed by foreign host.
    vps6:~#
    Code:
    vps6:~# telnet nullamatix.com 80
    Trying 209.40.196.119...
    Connected to nullamatix.com.
    Escape character is '^]'.
    CONNECT www.google.com:80 HTTP/1.0
    Connection closed by foreign host.
    vps6:~#
    And by the way, good job with the spammy thread you troll. Why not contribute something meaningful if you're expecting answers to your questions?
    Last edited by GuyPatterson; 04-04-2009 at 09:39 PM.

  3. #3
    Join Date
    Nov 2008
    Posts
    17

    Thanks for the info about lighttpd.

    I had to circumvent an obviously misguided forum rule. I'm sorry if I got your hopes up about a possible fourth thread on Slackware. I thought I was honest and apologetic in my message though - flames are unnecessary.

  4. #4
    Join Date
    Dec 2007
    Posts
    1,141

    Quote: Originally Posted by factorial
    I thought I was honest and apologetic in my message though - flames are unnecessary.
    I believe that GuyPatterson is referring to the thread "Don't bother reading this" in the Slackware forum (since deleted) in which a thread was created and replied to many times to circumvent our 15 post linking requirement.

    I deleted the thread upon determining that it did not appear to have been posted with typical spam linking intent.

  5. #5
    Join Date
    Nov 2008
    Posts
    17

    Back to the topic:

    This PHP bug seems to describe the problem, but not really a resolution: PHP Bugs: #19113: HTTP status 200 returned on HTTP CONNECT when mod_proxy not in use.

    For the time being I'm content to let CONNECT requests just serve my index file, even though this seems inappropriate. If anyone has better info, please post a reply.

  6. #6
    Join Date
    Dec 2007
    Posts
    1,141

    As the issue appears to be PHP-related, perhaps a PHP solution is in order?

    Code:
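    // Answer 400 Bad Request unless SERVER_PORT is 80 or 443.
    if (
    	( $_SERVER['SERVER_PORT'] != 80 ) &&
    	( $_SERVER['SERVER_PORT'] != 443 )
    ) {
    	header("HTTP/1.0 400 Bad Request");
    	// Stop here so no page content is sent after the status line.
    	die();
    }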
    You may want to simply tell clients that the request is bad outright, as (unlike the 403 Forbidden code) there will not be any option to authenticate to complete the request.
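
Added example (not posted by anyone in this thread): a Python triage of access-log lines like the ones in the first post, listing which clients sent CONNECT, what they asked for, and how the server answered. The `GET /` line, the `192.0.2.x` addresses and the 403 line are constructed, and treating a matching byte count as "the index page was served" is a heuristic assumed here.

```python
import re
from collections import defaultdict

# Apache common log format: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# First three lines are from the thread; the last two are constructed.
SAMPLE_LOG = """\
58.148.15.126 - - [30/Mar/2009:15:03:28 -0400] "CONNECT www.google.com:443 HTTP/1.0" 200 2195
58.148.15.126 - - [30/Mar/2009:15:03:28 -0400] "CONNECT www.google.com:443 HTTP/1.0" 200 2195
58.148.15.126 - - [30/Mar/2009:15:03:28 -0400] "CONNECT mail.global.frontbridge.com:25 HTTP/1.0" 200 2195
192.0.2.10 - - [30/Mar/2009:15:04:02 -0400] "GET / HTTP/1.1" 200 2195
192.0.2.44 - - [30/Mar/2009:15:05:10 -0400] "CONNECT smtp.example.net:25 HTTP/1.0" 403 210
"""

def triage_connect(log_text):
    """Summarise CONNECT requests per client and note how the server answered."""
    index_sizes = set()  # byte counts seen for successful "GET /"
    per_client = defaultdict(lambda: {"targets": set(), "answered_2xx": 0,
                                      "looks_like_index": 0, "refused": 0})
    rows = [m.groupdict() for m in map(LOG_RE.match, log_text.splitlines()) if m]
    for r in rows:
        if r["method"] == "GET" and r["target"] == "/" and r["status"] == "200":
            index_sizes.add(r["size"])
    for r in rows:
        if r["method"] != "CONNECT":
            continue
        c = per_client[r["ip"]]
        c["targets"].add(r["target"])
        if r["status"].startswith("2"):
            c["answered_2xx"] += 1
            # Heuristic: same byte count as "GET /" suggests the index page
            # was served, as the first post found, rather than a relayed tunnel.
            if r["size"] in index_sizes:
                c["looks_like_index"] += 1
        elif r["status"].startswith(("4", "5")):
            c["refused"] += 1
    return dict(per_client)

if __name__ == "__main__":
    for ip, info in triage_connect(SAMPLE_LOG).items():
        print(ip, sorted(info["targets"]), info["answered_2xx"],
              info["looks_like_index"], info["refused"])
```

A 2xx CONNECT whose byte count does not match the index page is the case worth a closer look at the server's proxy configuration.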
