POST / CONNECT pairs in logs. Concern?

Forum Moderators: DixonJones

Message Too Old, No Replies

POST / CONNECT pairs in logs. Concern?

lesterofpupets

11:31 pm on Nov 23, 2005 (gmt 0)

Hello all. I get a LOT of these (and approximates of these...)

CONNECT 195.169.138.#*$!:7000 HTTP/1.0" 405 235 "-" "-"
POST [195.169.138.#*$!:7000...] HTTP/1.0" 200 1771 "-"

some are logged in the reverse order, thusly...

POST [195.35.83.#*$!:6667...] HTTP/1.0" 200 1771 "-"
CONNECT 195.35.83.xxx:6667 HTTP/1.0" 405 235 "-" "-"

Should I be concerned by this behaviour? Is there a way to disallow POST requests in Apache? I've seen how to disable them via htaccess, but none via apache conf file.

Any help greatly appreciated.
--
Lester

jdMorgan

11:54 pm on Nov 23, 2005 (gmt 0)

The CONNECTs failed, but the POSTs were successful:

405 Method Not Allowed
The method specified in the Request-Line is not allowed for the resource identified by the Request-URI. The response MUST include an Allow header containing a list of valid methods for the requested resource.

The methods to block POSTs in httpd.conf are identical to those used in .htaccess.

Jim

lesterofpupets

2:59 pm on Nov 30, 2005 (gmt 0)

Hmmm, I've insterted a Limit POST directive into my conf file, yet I'm still getting POST requests that get answered with a 200.

Here's a snippet from conf file

<Directory />
Options FollowSymLinks
AllowOverride None

# 2005-11-26. LKL. disallow POST requests
<Limit POST>
Order deny,allow
Deny from all
</Limit>
</Directory>