
Can I disable mod_proxy

JimDunn

Guest
PROBLEM: Hi, I have been getting "mod_proxy" messages in logwatch (below) and would like to disable mod_proxy.

SOLUTION: I know how to disable it (see below) but...

QUESTION: Is it safe to disable mod_proxy, or will I break my PLESK 8.6 on CentOS 5.1?

Thx! : )
Jim

------- httpd Begin -------
Connection attempts using mod_proxy:
81.88.124.30 -> 64.12.202.15:443: 2 Time(s)
81.88.124.30 -> 64.12.202.1:443: 1 Time(s)
81.88.124.30 -> 64.12.202.22:443: 2 Time(s)
81.88.124.30 -> 64.12.202.8:443: 1 Time(s)
405 Method Not Allowed
64.12.202.15:443: 2 Time(s)
64.12.202.1:443: 1 Time(s)
64.12.202.22:443: 2 Time(s)
64.12.202.8:443: 1 Time(s)
------- httpd End -------

---how to disable mod_proxy---
1. Disable mod_proxy
2. Disable CONNECT

1. To disable mod_proxy, comment out these lines in /etc/httpd/conf/httpd.conf

#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so

Also comment out everything in /etc/httpd/conf.d/proxy_ajp.conf
if present.


2. It seems there is a bug somewhere so that even when mod_proxy is disabled
a CONNECT attempt will return a 200 (success) status code and the contents of
your index.php file. To stop this, make a file called /etc/httpd/conf.d/disable_connect.conf and fill it with:

<Location />
<Limit CONNECT>
Order deny,allow
Deny from all
</Limit>
</Location>

Restart Apache.
---snip---
 
This solution poses a real security problem (.htaccess files exposed!)

DO NOT USE THE disable_connect.conf FILE.
This file uses the <location /> directive that gets evaluated last (as described in http://httpd.apache.org/docs/2.0/sections.html)... and disables some critical <files> directives in the httpd.conf that prevent .htaccess files from being exposed!

Bottom line: all your .htaccess, .htpasswd, ... are shown in clear text!
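
The logwatch report in the first post only counts CONNECT attempts; whether any of them was answered with a 200, as that post describes, has to be read from the access log itself. The following is an added example, not code from either poster: it assumes Apache's common/combined log format, runs on constructed sample lines, and goes slightly beyond the thread by also counting requests whose target is an absolute URI, the other form a forward-proxy request takes.

```python
import re
from collections import Counter

# Common/combined log format: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (not taken from the poster's server); the
# addresses reuse the ones shown in the logwatch report above.
SAMPLE_LOG = """\
81.88.124.30 - - [01/Jan/2009:04:02:11 +0000] "CONNECT 64.12.202.15:443 HTTP/1.0" 405 302 "-" "-"
81.88.124.30 - - [01/Jan/2009:04:02:12 +0000] "CONNECT 64.12.202.15:443 HTTP/1.0" 405 302 "-" "-"
81.88.124.30 - - [01/Jan/2009:04:02:13 +0000] "CONNECT 64.12.202.1:443 HTTP/1.0" 200 5120 "-" "-"
192.0.2.7 - - [01/Jan/2009:04:03:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.7 - - [01/Jan/2009:04:03:05 +0000] "GET http://example.com/ HTTP/1.1" 404 210 "-" "-"
garbage line that does not parse
"""

def is_proxy_attempt(method, target):
    """CONNECT, or any method with an absolute-URI target, is a proxy-style request."""
    return method == "CONNECT" or "://" in target

def summarize(log_text):
    """Return (attempts, accepted): Counters keyed by (client, target)."""
    attempts, accepted = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_proxy_attempt(m["method"], m["target"]):
            continue  # unparseable line or an ordinary origin-form request
        key = (m["client"], m["target"])
        attempts[key] += 1
        # A 2xx answer means the server did not refuse the request.
        if m["status"].startswith("2"):
            accepted[key] += 1
    return attempts, accepted

if __name__ == "__main__":
    attempts, accepted = summarize(SAMPLE_LOG)
    for (client, target), n in sorted(attempts.items()):
        flag = "  <-- answered 2xx, investigate" if (client, target) in accepted else ""
        print(f"{client} -> {target}: {n} Time(s){flag}")
```

Entries answered with 405 were refused, matching the "405 Method Not Allowed" section of the report; a flagged entry is the case to look into before and after changing any configuration.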
 