From: Chuck Swiger
Date: Tue, 12 Jun 2007 14:20:35 -0700
To: bob@a1poweruser.com
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Apache access log shows these attack requests

On Jun 12, 2007, at 1:54 PM, Bob wrote:
> Running FBSD 6.2 + apache 13. In the apache access log I see these log
> records. To me it looks like my apache server is servicing connect
> requests and get requests to other URL's. Is there some configuration
> option I can turn on to stop my server from servicing these bogus
> requests?

If you have the Apache mod_proxy enabled, either configure it securely or disable it entirely.

Also, double-check your use of PHP-based stuff-- the security of PHP is sufficiently bad that it's pretty common for sites to get hacked if they aren't careful about securing it and updating to the latest versions as new security holes in PHP-based stuff are exploited.

You might want to run portaudit...

--
-Chuck
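
As an added example (not part of the original thread, and not code from Apache or FreeBSD), this script scans Common Log Format lines for the proxy-style requests Bob describes, CONNECT and GET with a foreign absolute URL, and separates those the server answered with a 2xx from those it refused. The log lines, `OWN_HOSTS`, and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Hostnames this server legitimately serves (assumption: replace with your own).
OWN_HOSTS = {"www.example.org", "example.org"}
# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')
# Constructed sample lines using documentation addresses, not Bob's real log.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Jun/2007:13:01:02 -0700] "GET /index.html HTTP/1.1" 200 1456
198.51.100.7 - - [12/Jun/2007:13:02:10 -0700] "CONNECT mail.example.net:25 HTTP/1.0" 200 -
198.51.100.7 - - [12/Jun/2007:13:02:11 -0700] "GET http://ads.example.net/click?id=1 HTTP/1.0" 200 8120
203.0.113.5 - - [12/Jun/2007:13:03:00 -0700] "GET http://www.example.org/ HTTP/1.1" 200 1456
203.0.113.9 - - [12/Jun/2007:13:04:00 -0700] "CONNECT irc.example.net:6667 HTTP/1.0" 405 312
"""

def classify(line, own_hosts=OWN_HOSTS):
    """Return (client, kind, target, verdict) for a proxy-style request, else None."""
    m = CLF.match(line)
    parts = m.group(2).split() if m else []
    if len(parts) < 2:
        return None
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":
        kind, host = "connect", target.rsplit(":", 1)[0]
    elif "://" in target:
        kind = "absolute-uri"
        try:
            host = urlsplit(target).hostname or ""
        except ValueError:  # malformed authority: treat as foreign
            host = ""
    else:
        return None  # ordinary origin-form request such as "GET /index.html"
    if host.lower() in own_hosts:
        return None  # an absolute URL naming this server is legal HTTP/1.1
    # 2xx: the server answered instead of refusing, so this entry needs review.
    verdict = "answered" if m.group(3).startswith("2") else "refused"
    return m.group(1), kind, target, verdict

def summarize(log_text):
    """Count proxy-style requests per (client, verdict)."""
    counts = {}
    for hit in filter(None, map(classify, log_text.splitlines())):
        counts[(hit[0], hit[3])] = counts.get((hit[0], hit[3]), 0) + 1
    return counts

if __name__ == "__main__":
    for (client, verdict), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{client:15} {verdict:9} {n}")
```

An "answered" entry only shows the server did not refuse the request; Apache can answer a GET for a foreign absolute URL with its own local page, so compare the logged response size against your own content before concluding anything was relayed.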