• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Can I disable mod_proxy

J

JimDunn

Guest
PROBLEM: Hi, I have been getting "mod_proxy" messages in logwatch (below) and would like to disable mod_proxy.

SOLUTION: I know how to disable it (see below) but...

QUESTION: Is it safe to disable mod_proxy, or will I break my PLESK 8.6 on CentOS 5.1?

Thx! : )
Jim

------- httpd Begin -------
Connection attempts using mod_proxy:
81.88.124.30 -> 64.12.202.15:443: 2 Time(s)
81.88.124.30 -> 64.12.202.1:443: 1 Time(s)
81.88.124.30 -> 64.12.202.22:443: 2 Time(s)
81.88.124.30 -> 64.12.202.8:443: 1 Time(s)
405 Method Not Allowed
64.12.202.15:443: 2 Time(s)
64.12.202.1:443: 1 Time(s)
64.12.202.22:443: 2 Time(s)
64.12.202.8:443: 1 Time(s)
------- httpd End -------

---how to disable mod_proxy---
1. Disable mod_proxy
2. Disable CONNECT

1. To disable mod_proxy comment out these lines in /etc/httpd/conf/httpd.conf

#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so

Also comment out everything in /etc/httpd/conf.d/proxy_ajp.conf
if present.


2. It seems there is a bug somewhere so that even when mod_proxy disabled
a CONNECT attempt will return a 200 (success) status code and the contents of
your index.php file. To stop this make a file called /etc/httpd/conf.d/disable_connect.conf and fill it with:

<Location />
<Limit CONNECT>
Order deny,allow
Deny from all
</Limit>
</Location>

Restart Apache.
---snip---
 
This solution poses a real security problem (.htaccess files exposed!)

DO NOT USE THE disable_connect.conf FILE.
This file uses the <location /> directive that gets evaluated last (as described in http://httpd.apache.org/docs/2.0/sections.html)... and disables some critical <files> directives in the httpd.conf that prevent .htaccess files from being exposed!

Bottom line all your .htaccess, .htpasswd, ... are shown in clear text!
 
Back
Top