Bug su PHP/Apache

To: <linux-italia@lists.linux.it>
Cc: <debian-italian@lists.debian.org>
Subject: Bug su PHP/Apache
From: "..:: Athena - Joe Scaramucci ::.." <joe.scaramucci@athena.it>
Date: Wed, 30 Apr 2003 16:04:32 +0200
Message-id: <[🔎] FCELKLIMNLPONCJLGDIBCEHECAAA.joe.scaramucci@athena.it>

Se avete un rimedio a questo "serio" problema ...
http://bugs.php.net/bug.php?id=19113

Grazie.

Joe

  +++++++++++++++++++++++++++++++++++++++
  Athena Informatica
  PC Manufacturing and Office Automation
  Via alla Costa 4 - Vado Ligure (Savona) - ITALY
  tel +(39) (0)19 216091 Fax +(39) (0)19 2160029
  +++++++++++++++++++++++++++++++++++++++




List:     apache-httpd-users
Subject:  [users@httpd] Connect bug
From:     "..:: Athena - Joe Scaramucci ::.." <joe.scaramucci () athena !
it>
Date:     2003-04-30 13:20:32
[Download message RAW]

This is and old PHP or Apache Bug (still unsolved) about HTTP command called
"CONNECT" .
See the first announcment here (dated August 2002 !!!):
http://bugs.php.net/bug.php?id=19113

I saw my error.log rised to more than 2 Giga after 2 days (5 sites used for
the spoof/email scann).
To solve the problem I had to add a -s IP -j DROP to my firewall forward
rules and
add to http.conf :

<Location />
  <Limit CONNECT>
    Order deny,allow
    Deny from all
  </Limit>
</Location>

but this is a poor workaround though.

If you have Apache/PHP installed and the main index page is index.php
(exactly named inex.php),
the bug is probably present.

Any suggestion ?

BR

Joe



------------------------------

Date: Tue, 29 Apr 2003 18:54:35 -0300
To: <users@httpd.apache.org>
From: "netforum.com.br - Mail Host - Listserv" <netforum@netforum.com.br>
Subject: Connect
Message-ID: <000e01c30e99$ed3933c0$2800a8c0@host>

------=_NextPart_000_000B_01C30E80.C6DC1260
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hello,

Please, how can i block this ?:

This is entry in my log.

68.192.51.106 - - [29/Apr/2003:18:42:38 -0300] "CONNECT =
mx01.earthlink.net:25 HTTP/1.0" 302 350
68.192.51.106 - - [29/Apr/2003:18:42:38 -0300] "CONNECT =
mx01.earthlink.net:25 HTTP/1.0" 302 350 "-" "-"

Apache 1.322
Win2K Server

Thanks in advance

---
  +++++++++++++++++++++++++++++++++++++++
  Athena Informatica
  PC Manufacturing and Office Automation
  Via alla Costa 4 - Vado Ligure (Savona) - ITALY
  tel +(39) (0)19 216091 Fax +(39) (0)19 2160029
  +++++++++++++++++++++++++++++++++++++++

Reply to:

Prev by Date: Re: lentezza delle finestre in kde3.1.1 [sid]
Next by Date: Re: macromedia flash
Previous by thread: Re: lentezza delle finestre in kde3.1.1 [sid]
Next by thread: Samba e stampa da shell dos
Index(es):
- Date
- Thread