From: jekillen
Date: Wed, 13 Jun 2007 18:06:25 -0700
To: FreeBSD Mailing List
Subject: Re: Apache access log shows these attack requests
Message-Id: <11b881facfc3ab3a0469409f7750f229@prodigy.net>

Hello;

I have not understood what the request for "-" "-" meant. Thank you, this has shed a lot of light on it. I have seen that fairly frequently in my Apache logs. But on one of my machines that serves as secondary name server I also had Apache running to serve a placeholder site. It was attacked by voluminous requests for that, so much so that it was causing Apache to kill processes for lack of memory. The machine does not have a lot of RAM at its disposal, so it was not too surprising. I do not run Apache on this machine, now, because of that.

I would like to know how do you disallow 'no referrer' and 'no browser'? Is this a server configuration issue? I have not seen mention of this in texts on Apache, nor the manual. And queries of the Apache mailing list yielded indistinct results.

I am not running a proxy on the public server. I have shell and ftp access blocked from outside. I am using php as application server. I am running several machines with FreeBSD 6.0 and 6.2 as web servers. Only one serves my public addresses. I am using Apache 1.3.x.

Thanks in advance for guidance.
Jeff K

> 220.137.74.222 - - [12/Jun/2007:02:07:08 +1000] "CONNECT msa-mx10.hinet.net:25 HTTP/1.0" 403 272 "-" "-"
>
> 403 = Permission denied. In this case, because
> I disallow 'no referrer' plus 'no browser' ("-" "-") connects from
> non-local addresses
> blocking
> heaps of rogue robots, but CONNECT requests don't work anyway in apache
> 1.3 in default configuration .. older logs show 405 responses to these.
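
Added example, not part of the original thread and not either poster's code: a small log audit that applies the rule described in the quoted reply (empty referrer plus empty user agent from a non-local address) to Apache combined-format log lines and also tags CONNECT relay attempts. The function names and the LOCAL_NETS ranges are assumptions; only the first sample line comes from the thread.

```python
import ipaddress
import re
from collections import Counter

# Apache combined log format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Assumption: what counts as "local" is site-specific; these ranges are placeholders.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.0.0/16")]

def is_local(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a logged hostname rather than an address: treat as non-local
    return any(addr in net for net in LOCAL_NETS)

def classify(line):
    """Return (host, tags) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    tags = set()
    # The rule from the quoted reply: both fields logged as "-" and client not local.
    if m["referer"] in ("", "-") and m["agent"] in ("", "-") and not is_local(m["host"]):
        tags.add("no-referer-no-agent")
    # CONNECT to a web server that is not a proxy is an open-relay probe.
    if m["request"].split(" ", 1)[0].upper() == "CONNECT":
        tags.add("connect-probe")
    return m["host"], tags

def summarize(lines):
    """Count tagged requests per client address; unparseable lines are skipped."""
    counts = Counter()
    for host, tags in filter(None, map(classify, lines)):
        counts.update((host, tag) for tag in tags)
    return counts

SAMPLE = [
    # First line is the entry quoted in this thread; the other two are constructed.
    '220.137.74.222 - - [12/Jun/2007:02:07:08 +1000] "CONNECT msa-mx10.hinet.net:25 HTTP/1.0" 403 272 "-" "-"',
    '192.168.1.10 - - [12/Jun/2007:02:08:00 +1000] "GET / HTTP/1.0" 200 512 "-" "-"',
    '203.0.113.5 - - [12/Jun/2007:02:09:00 +1000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Running summarize() over a real access log shows which clients the rule would refuse before it is enforced in the server, including whether any wanted clients send neither header.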