Categories
Apache Hacker

Stopping “connect” attacks in apache (solution)

Then add the following right after it and restart apache to activate.

# Second, we configure the "default" Location to restrict the methods
allowed
# to stop CONNECT method attacks.
#
Order allow,deny Deny from all

I don’t like the idea of my server responding to requests for random hostnames, even if it serves local content. How can I deny these requests?

<VirtualHost *:80>
  ServerName default.only
  <Location />
    Order allow,deny
    Deny from all
  </Location>
</VirtualHost>


Leave a Reply