http connect/proxy?
i've been getting a bunch of stuff in my iptables.log from 205.209.161.158 scanning popular proxy ports (8080, 1080, 8081, 8010, 3128 etc.), but that's not really a big deal to me since all those connections just get dropped by iptables
i also checked my apache/httpd access_log and the same IP address was sending (or trying to send?) HTTP CONNECT requests through my web server and some googling tells me this is how apache is used as a proxy server… i don't want to be proxying random strangers' traffic!
also, my httpd.conf has all the LoadModule lines for proxy_* modules commented out
an example from my access_log is here:
205.209.161.158 - - [17/Sep/2009:11:30:06 -0400] "CONNECT smtp.mail.yahoo.com.tw:25 HTTP/1.0" 301 298 "-" "-"
i see that apache is returning a 301 which i'm pretty sure is a redirect… if he was getting a 404 or a 403 or something, i wouldn't be so concerned…
so what should i do? or is a 301 absolutely normal for a blocked http connect request?
2 Replies
You can test this with the telnet command. Bolded items are what you type or copy/paste.
$ telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
CONNECT smtp.mail.yahoo.com.tw:25 HTTP/1.0
And press enter twice.
telnet shows a redirect to the main web page because my default in apache is a RedirectPermanent to the main webpage
that solved it
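
Added example, not part of the original thread: a small Python scan of an Apache access_log that picks out proxy-style requests (CONNECT, or a request line with an absolute URL) and sorts them by status code, so a 301 like the one above is reported as refused while any 2xx is marked for a manual check such as the telnet test. The function names and the `review`/`refused` labels are hypothetical, and every sample line except the first (copied from the post) is constructed.

```python
import re
from collections import defaultdict

# Apache common/combined log format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
ABSOLUTE_URI = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)


def is_proxy_attempt(method, target):
    """CONNECT host:port, or any method with an absolute URI, asks the server to relay."""
    return method == "CONNECT" or ABSOLUTE_URI.match(target) is not None


def classify(status):
    """Heuristic (assumption of this example): a 2xx may mean the request was
    relayed, or only that a default page was served, so it needs a manual check.
    A 3xx/4xx/5xx means no tunnel was set up."""
    return "review" if 200 <= status < 300 else "refused"


def scan(lines):
    """Return {client_ip: [(target, status, verdict), ...]} for proxy-style requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_proxy_attempt(m["method"], m["target"]):
            continue
        status = int(m["status"])
        hits[m["ip"]].append((m["target"], status, classify(status)))
    return dict(hits)


SAMPLE = [
    # Line quoted in the post:
    '205.209.161.158 - - [17/Sep/2009:11:30:06 -0400] "CONNECT smtp.mail.yahoo.com.tw:25 HTTP/1.0" 301 298 "-" "-"',
    # Constructed lines (documentation address ranges):
    '192.0.2.10 - - [17/Sep/2009:11:31:00 -0400] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [17/Sep/2009:11:32:10 -0400] "CONNECT mail.example.net:25 HTTP/1.0" 200 0 "-" "-"',
    '198.51.100.7 - - [17/Sep/2009:11:32:15 -0400] "GET http://example.org/ HTTP/1.1" 403 210 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in scan(SAMPLE).items():
        for target, status, verdict in events:
            print(f"{ip:16} {status} {verdict:8} {target}")
```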