1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 5:45 pm May 2, 2026

Forum Moderators: phranque

Message Too Old, No Replies

"CONNECT" Verb in apache

Can I block this verb?

         

Noname_Nick

7:33 pm on Jul 30, 2007 (gmt 0)

10+ Year Member



I have apache (2.2) proxying to an IIS6 server. I keep getting errors from IIS "Connect not allowed". It appears that random people are trying to test a spam exploit in apache (using the connect verb). Is there any way to tell Apache to not allow the connect verb? (I would assume in the httpd.conf file).

Many thanks in advance!

jdMorgan

3:23 pm on Jul 31, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



A simple way is to use the Apache core <Limit> container and a mod_access Deny from directive to return a 403-forbidden response for requests using the CONNECT method: 

<Limit CONNECT>
Deny from all
</Limit>

See Apache mod_access for information about the Order directive; If you have other Allows or Denys, you may need to integrate the above code with them.

Jim

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 5:45 pm May 2, 2026