From owner-freebsd-questions@FreeBSD.ORG Tue Jun 12 20:54:49 2007 Return-Path: X-Original-To: freebsd-questions@FreeBSD.ORG Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0550A16A46E for ; Tue, 12 Jun 2007 20:54:49 +0000 (UTC) (envelope-from bob@a1poweruser.com) Received: from mta11.adelphia.net (mta11.adelphia.net [68.168.78.205]) by mx1.freebsd.org (Postfix) with ESMTP id BA0D513C4BF for ; Tue, 12 Jun 2007 20:54:48 +0000 (UTC) (envelope-from bob@a1poweruser.com) Received: from laptop ([76.190.225.105]) by mta11.adelphia.net (InterMail vM.6.01.05.02 201-2131-123-102-20050715) with SMTP id <20070612205447.TKPS3934.mta11.adelphia.net@laptop> for ; Tue, 12 Jun 2007 16:54:47 -0400 From: "Bob" To: "freebsd-questions@FreeBSD. ORG" Date: Tue, 12 Jun 2007 16:54:47 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028 Cc: Subject: Apache access log shows these attack requests X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: bob@a1poweruser.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jun 2007 20:54:49 -0000 Running FBSD 6.2 + apache 13. In the apache access log I see these log records. To me it looks like my apache server is servicing connect requests and get requests to other URL's. Is there some configuration option I can turn on to stop my server from servicing these bogus requests? 122-124-129-27.dynamic.hinet.net - - [04/May/2007:04:38:18 -0400] "CONNECT 220.1 122-124-129-27.dynamic.hinet.net - - [04/May/2007:04:38:19 -0400] "CONNECT 220.1 122-124-129-27.dynamic.hinet.net - - [04/May/2007:04:38:20 -0400] "CONNECT 220.1 122-124-129-55.dynamic.hinet.net - - [10/May/2007:18:29:38 -0400] "CONNECT 220.1 122-124-129-55.dynamic.hinet.net - - [10/May/2007:18:29:38 -0400] "CONNECT 220.1 122-124-129-55.dynamic.hinet.net - - [10/May/2007:18:29:39 -0400] "CONNECT 220.1 kaista.fi - - [03/May/2007:01:35:44 -0400] "GET http://pro_xy.t35.com/AZ.php HTT kaista.fi - - [03/May/2007:01:35:45 -0400] "GET http://pro_xy.t35.com/AZ.php H 12.40.60.226 - - [04/May/2007:05:30:14 -0400] "GET http://www2.andrews.edu/~bidw 12.40.60.226 - - [04/May/2007:05:30:15 -0400] "GET http://www.anonymitytest.com/ 217.194.139.131 - - [08/May/2007:05:22:03 -0400] "GET http://pro_xy.t35.com/AZ.p 217.194.139.131 - - [08/May/2007:05:22:12 -0400] "GET http://pro_xy.t35.com/AZ.p 62.159.66.106 - - [09/May/2007:23:57:42 -0400] "GET http://pro_xy.t35.com/AZ.php 62.159.66.106 - - [09/May/2007:23:57:42 -0400] "GET http://pro_xy.t35.com/AZ.php r - - [10/May/2007:09:42:40 -0400] "\x04\x01\x1a\vE\x10\xac\"" 400 - "-" "-" r - - [10/May/2007:09:42:50 -0400] "\x05\x01" 200 7036 "-" "- 89.196.37.169 - - [15/May/2007:02:50:21 -0400] "GET http://www.internetsec.org/a 89.196.37.169 - - [15/May/2007:02:50:37 -0400] "\x04\x01" 200 7036 "-" "-" 89.196.37.169 - - [15/May/2007:02:50:52 -0400] "\x05\x01" 200 7036 "-" "-" 89.196.21.158 - - [21/May/2007:06:17:46 -0400] "GET http://thecric.free.fr/AZenv 89.196.21.158 - - [21/May/2007:06:18:02 -0400] "\x04\x01" 200 7036 "-" "-" 89.196.21.158 - - [21/May/2007:06:18:17 -0400] "\x05\x01" 200 7036 "-" "-" host37.kaisha.co.uk - - [10/Jun/2007:15:27:52 -0400] "GET http://pro_xy.t35.com/ host37.kaisha.co.uk - - [10/Jun/2007:15:27:53 -0400] "GET http://pro_xy.t35.com/