homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

"CONNECT" Verb in apache
Can I block this verb?

5+ Year Member

Msg#: 3408848 posted 7:33 pm on Jul 30, 2007 (gmt 0)

I have apache (2.2) proxying to an IIS6 server. I keep getting errors from IIS "Connect not allowed". It appears that random people are trying to test a spam exploit in apache (using the connect verb). Is there any way to tell Apache to not allow the connect verb? (I would assume in the httpd.conf file).

Many thanks in advance!



WebmasterWorld Senior Member jdmorgan us a WebmasterWorld Top Contributor of All Time 10+ Year Member

Msg#: 3408848 posted 3:23 pm on Jul 31, 2007 (gmt 0)

A simple way is to use the Apache core <Limit> container and a mod_access Deny from directive to return a 403-forbidden response for requests using the CONNECT method:

Deny from all

See Apache mod_access for information about the Order directive; If you have other Allows or Denys, you may need to integrate the above code with them.


Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved