• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.

Can I disable mod_proxy

J

JimDunn

Guest
PROBLEM: Hi, I have been getting "mod_proxy" messages in logwatch (below) and would like to disable mod_proxy.

SOLUTION: I know how to disable it (see below) but...

QUESTION: Is it safe to disable mod_proxy, or will I break my PLESK 8.6 on CentOS 5.1?

Thx! : )
Jim

------- httpd Begin -------
Connection attempts using mod_proxy:
81.88.124.30 -> 64.12.202.15:443: 2 Time(s)
81.88.124.30 -> 64.12.202.1:443: 1 Time(s)
81.88.124.30 -> 64.12.202.22:443: 2 Time(s)
81.88.124.30 -> 64.12.202.8:443: 1 Time(s)
405 Method Not Allowed
64.12.202.15:443: 2 Time(s)
64.12.202.1:443: 1 Time(s)
64.12.202.22:443: 2 Time(s)
64.12.202.8:443: 1 Time(s)
------- httpd End -------

---how to disable mod_proxy---
1. Disable mod_proxy
2. Disable CONNECT

1. To disable mod_proxy comment out these lines in /etc/httpd/conf/httpd.conf

#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so

Also comment out everything in /etc/httpd/conf.d/proxy_ajp.conf
if present.


2. It seems there is a bug somewhere so that even when mod_proxy disabled
a CONNECT attempt will return a 200 (success) status code and the contents of
your index.php file. To stop this make a file called /etc/httpd/conf.d/disable_connect.conf and fill it with:

<Location />
<Limit CONNECT>
Order deny,allow
Deny from all
</Limit>
</Location>

Restart Apache.
---snip---
 
This solution poses a real security problem (.htaccess files exposed!)

DO NOT USE THE disable_connect.conf FILE.
This file uses the <location /> directive that gets evaluated last (as described in http://httpd.apache.org/docs/2.0/sections.html)... and disables some critical <files> directives in the httpd.conf that prevent .htaccess files from being exposed!

Bottom line all your .htaccess, .htpasswd, ... are shown in clear text!
 
You must log in or register to reply here.

Similar threads

flederwiesel
Question `SSLVerifyClient require` -> AH10158: cannot perform post-handshake authentication
Replies
0
Views
853
flederwiesel
flederwiesel
duy13
[AntiDDoS] for Plesk Panel with vDDoS Proxy Protection
Replies
0
Views
4K
duy13
duy13
C
Issue "New configuration files for the Apache web server were not created due to the errors in configuration templates"
Replies
4
Views
6K
The 8th
The 8th
M
Question Jira and Plesk
Replies
0
Views
1K
MANFahrer
M
A
Issue My websites are crossing paths in either NGINX or DNS
Replies
0
Views
2K
andylehti
A
Back
Top