I have Apache (2.2) proxying to an IIS6 server. I keep getting errors from IIS "Connect not allowed". It appears that random people are trying to test a spam exploit in Apache (using the connect verb). Is there any way to tell Apache to not allow the connect verb? (I would assume in the httpd.conf file).
A simple way is to use the Apache core <Limit> container and a mod_access Deny from directive to return a 403-forbidden response for requests using the CONNECT method:

    <Limit CONNECT>
    Deny from all
    </Limit>

See Apache mod_access for information about the Order directive. If you have other Allows or Denys, you may need to integrate the above code with them.
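
One way to confirm the block is taking effect, as an added example that is not part of the original answer: this Python script reads access-log lines in Apache's common/combined log format, counts CONNECT requests per client, and lists any that were not answered with 403. The sample log lines, addresses and the `audit_connect` function name are constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log format:
#   host ident user [time] "METHOD target PROTOCOL" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation address ranges), not real traffic.
# The 405 entry stands for a request logged before the <Limit> block was added.
SAMPLE_LOG = """\
203.0.113.44 - - [12/Mar/2010:09:58:40 +0000] "CONNECT smtp.example.org:25 HTTP/1.0" 405 310
192.0.2.10 - - [12/Mar/2010:10:01:02 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 403 202
192.0.2.10 - - [12/Mar/2010:10:01:05 +0000] "CONNECT mail.example.net:25 HTTP/1.1" 403 202
198.51.100.7 - - [12/Mar/2010:10:02:11 +0000] "GET /index.html HTTP/1.1" 200 5120
this line is malformed and is skipped
"""


def audit_connect(log_text):
    """Return (CONNECT attempts per client, CONNECT requests not answered 403)."""
    attempts = Counter()
    not_denied = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        # Skip unparseable lines and every method other than CONNECT.
        if not m or m.group("method") != "CONNECT":
            continue
        attempts[m.group("host")] += 1
        if m.group("status") != "403":
            not_denied.append(
                (m.group("host"), m.group("target"), int(m.group("status")))
            )
    return attempts, not_denied


if __name__ == "__main__":
    attempts, not_denied = audit_connect(SAMPLE_LOG)
    for host, count in attempts.most_common():
        print(f"{host}: {count} CONNECT request(s)")
    for host, target, status in not_denied:
        print(f"NOT DENIED: {host} -> {target} (status {status})")
```

Any "NOT DENIED" line dated after the configuration change means the `<Limit CONNECT>` block is not being applied to that request, for example because another Allow or Deny takes precedence.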