• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

Can I disable mod_proxy

J

JimDunn

Guest
PROBLEM: Hi, I have been getting "mod_proxy" messages in logwatch (below) and would like to disable mod_proxy.

SOLUTION: I know how to disable it (see below) but...

QUESTION: Is it safe to disable mod_proxy, or will I break my PLESK 8.6 on CentOS 5.1?

Thx! : )
Jim

------- httpd Begin -------
Connection attempts using mod_proxy:
81.88.124.30 -> 64.12.202.15:443: 2 Time(s)
81.88.124.30 -> 64.12.202.1:443: 1 Time(s)
81.88.124.30 -> 64.12.202.22:443: 2 Time(s)
81.88.124.30 -> 64.12.202.8:443: 1 Time(s)
405 Method Not Allowed
64.12.202.15:443: 2 Time(s)
64.12.202.1:443: 1 Time(s)
64.12.202.22:443: 2 Time(s)
64.12.202.8:443: 1 Time(s)
------- httpd End -------

---how to disable mod_proxy---
1. Disable mod_proxy
2. Disable CONNECT

1. To disable mod_proxy comment out these lines in /etc/httpd/conf/httpd.conf

#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so

Also comment out everything in /etc/httpd/conf.d/proxy_ajp.conf
if present.


2. It seems there is a bug somewhere so that even when mod_proxy disabled
a CONNECT attempt will return a 200 (success) status code and the contents of
your index.php file. To stop this make a file called /etc/httpd/conf.d/disable_connect.conf and fill it with:

<Location />
<Limit CONNECT>
Order deny,allow
Deny from all
</Limit>
</Location>

Restart Apache.
---snip---
 
This solution poses a real security problem (.htaccess files exposed!)

DO NOT USE THE disable_connect.conf FILE.
This file uses the <location /> directive that gets evaluated last (as described in http://httpd.apache.org/docs/2.0/sections.html)... and disables some critical <files> directives in the httpd.conf that prevent .htaccess files from being exposed!

Bottom line all your .htaccess, .htpasswd, ... are shown in clear text!
 
You must log in or register to reply here.

Similar threads

Bitpalast
Forwarded to devs SSL auto-renewal attemps do not stop after removing cert and disabling SSL
Replies
6
Views
3K
Sebahat.hadzhi
Sebahat.hadzhi
flederwiesel
Question `SSLVerifyClient require` -> AH10158: cannot perform post-handshake authentication
Replies
0
Views
3K
flederwiesel
flederwiesel
duy13
[AntiDDoS] for Plesk Panel with vDDoS Proxy Protection
Replies
0
Views
5K
duy13
duy13
C
Issue "New configuration files for the Apache web server were not created due to the errors in configuration templates"
Replies
4
Views
8K
The 8th
The 8th
M
Question Jira and Plesk
Replies
0
Views
2K
MANFahrer
M
Back
Top