1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Can I disable mod_proxy

Discussion in 'Plesk for Linux - 8.x and Older' started by JimDunn, Feb 3, 2010.

  1. JimDunn

    JimDunn Guest

    0
     
    PROBLEM: Hi, I have been getting "mod_proxy" messages in logwatch (below) and would like to disable mod_proxy.

    SOLUTION: I know how to disable it (see below) but...

    QUESTION: Is it safe to disable mod_proxy, or will I break my PLESK 8.6 on CentOS 5.1?

    Thx! : )
    Jim

    ------- httpd Begin -------
    Connection attempts using mod_proxy:
    81.88.124.30 -> 64.12.202.15:443: 2 Time(s)
    81.88.124.30 -> 64.12.202.1:443: 1 Time(s)
    81.88.124.30 -> 64.12.202.22:443: 2 Time(s)
    81.88.124.30 -> 64.12.202.8:443: 1 Time(s)
    405 Method Not Allowed
    64.12.202.15:443: 2 Time(s)
    64.12.202.1:443: 1 Time(s)
    64.12.202.22:443: 2 Time(s)
    64.12.202.8:443: 1 Time(s)
    ------- httpd End -------

    ---how to disable mod_proxy---
    1. Disable mod_proxy
    2. Disable CONNECT

    1. To disable mod_proxy comment out these lines in /etc/httpd/conf/httpd.conf

    #LoadModule proxy_module modules/mod_proxy.so
    #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
    #LoadModule proxy_http_module modules/mod_proxy_http.so
    #LoadModule proxy_connect_module modules/mod_proxy_connect.so

    Also comment out everything in /etc/httpd/conf.d/proxy_ajp.conf
    if present.


    2. It seems there is a bug somewhere so that even when mod_proxy disabled
    a CONNECT attempt will return a 200 (success) status code and the contents of
    your index.php file. To stop this make a file called /etc/httpd/conf.d/disable_connect.conf and fill it with:

    <Location />
    <Limit CONNECT>
    Order deny,allow
    Deny from all
    </Limit>
    </Location>

    Restart Apache.
    ---snip---
     
  2. NunoJPVP

    NunoJPVP New Pleskian

    12
    55%
    Joined:
    Dec 14, 2011
    Messages:
    1
    Likes Received:
    0
    This solution poses a real security problem (.htaccess files exposed!)

    DO NOT USE THE disable_connect.conf FILE.
    This file uses the <location /> directive that gets evaluated last (as described in http://httpd.apache.org/docs/2.0/sections.html)... and disables some critical <files> directives in the httpd.conf that prevent .htaccess files from being exposed!

    Bottom line all your .htaccess, .htpasswd, ... are shown in clear text!
     
Loading...