From: "Bob"
To: "freebsd-questions@FreeBSD.ORG"
Date: Fri, 15 Jun 2007 22:49:01 -0400
Subject: stopping "connect" attacks in apache
Reply-To: bob@a1poweruser.com

Every time my apache server slows down or has denial of service the access log is full of this:

61.228.122.220 - "CONNECT 66.196.97.250:25 HTTP/1.0" 200 7034 "-" "-"
61.228.122.220 - "CONNECT 216.39.53.3:25 HTTP/1.0" 200 7034 "-" "-"
61.228.122.220 - "CONNECT 216.39.53.1:25 HTTP/1.0" 200 7034 "-" "-"
61.228.122.220 - "CONNECT 168.95.5.155:25 HTTP/1.0" 200 7034 "-" "-"
61.228.122.220 - "CONNECT 168.95.5.157:25 HTTP/1.0" 200 7034 "-" "-"
61.228.122.220 - "CONNECT 168.95.5.159:25 HTTP/1.0" 200 7034 "-" "-"

I think I can stop this by adding this to my httpd-config:

SetEnvIf THE_REQUEST CONNECT* drop
order allow,deny
allow from all
deny from env=drop

Am I on the correct solution here?
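
The log pattern quoted in the message above can be summarised per client with a short script. This is an added example, not part of the original post; it assumes the trimmed log format shown in the message (full combined-format lines are accepted too), and the function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Client, request line, status and size. Tolerates both the trimmed
# format quoted in the message and full common/combined log lines.
LINE_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def summarize_connect(lines):
    """Per client: CONNECT count, how many got 2xx, target ports, 2xx sizes."""
    report = defaultdict(
        lambda: {"total": 0, "answered_2xx": 0, "ports": set(), "sizes": set()}
    )
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "CONNECT":
            continue
        entry = report[m["client"]]
        entry["total"] += 1
        host, _, port = m["target"].rpartition(":")
        entry["ports"].add(port if host else "?")
        if m["status"].startswith("2"):
            # A 2xx reply is the case to investigate: the server did not refuse.
            entry["answered_2xx"] += 1
            entry["sizes"].add(m["size"])
    return dict(report)

def clients_to_review(report):
    """Clients whose CONNECT requests were answered with a 2xx status."""
    return sorted(c for c, e in report.items() if e["answered_2xx"])

# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE = [
    '198.51.100.7 - "CONNECT 192.0.2.10:25 HTTP/1.0" 200 7034 "-" "-"',
    '198.51.100.7 - "CONNECT 192.0.2.11:25 HTTP/1.0" 200 7034 "-" "-"',
    '198.51.100.7 - "CONNECT 192.0.2.12:25 HTTP/1.0" 405 312 "-" "-"',
    '203.0.113.9 - - [16/Jun/2007:02:49:04 +0000] "GET /index.html HTTP/1.1" 200 7034 "-" "Mozilla/5.0"',
    '203.0.113.20 - "CONNECT 192.0.2.10:443 HTTP/1.1" 403 210 "-" "-"',
]

if __name__ == "__main__":
    report = summarize_connect(SAMPLE)
    for client in clients_to_review(report):
        e = report[client]
        print(client, e["total"], e["answered_2xx"], sorted(e["ports"]), sorted(e["sizes"]))
```

A single size repeated across every 2xx reply is worth comparing with the size of a page the server itself serves; that reading is a heuristic assumed here, not something the message states.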