Apache - Block connections

Is there a way to block the following connections?

(excerpt from access_log):

128.193.0.28 - - [05/Sep/2003:12:23:11 +1000] "CONNECT
128.193.0.28:802 HTTP/1.0" 405 300 "-" "-"
128.193.0.28 - - [05/Sep/2003:12:23:11 +1000] "POST http://128.193.0.28:802/
HTTP/1.0" 405 297 "-" "-"
203.28.38.10 - - [05/Sep/2003:12:23:15 +1000] "CONNECT
203.28.38.10:6667 HTTP/1.0" 405 300 "-" "-"
203.28.38.10 - - [05/Sep/2003:12:23:15 +1000] "POST http://203.28.38.10:6667/
HTTP/1.0" 405 297 "-" "-"

I figure there's no point in blocking by specific IP addresses, seeing as they don't seem to originate from any one IP...

Ideas?

Comments

Submitted by Husk on Sun 09/11/2003 - 19:53

It looks like apache is denying it already, Its just keeping a log of it so you know.

Submitted by nemesis on Sun 09/11/2003 - 23:07

I tried telnetting to localhost:80 and issuing 'CONNECT <some IP>' and it fed back to me the index page from hesperos.

The reason I'm trying to block it is every time it does that it shows up as another user online in the bar on the right.. (the Who's Online thing)

Submitted by sideshow on Sun 09/11/2003 - 23:48

Given that they're using HTTP/1.0 and trying to post to 6667, I'd guess it's an attempted exploit of some crappy webserver that will proxy connections. Apache is safe.

Submitted by nemesis on Wed 12/11/2003 - 11:49

Oh, I'm not terribly worried about someone exploiting the server.
I just don't like the fact that the "whos online" sidebar shows two more guests when this happens...

I'd just like the sidebar to show how many "real" users are on, u know?

Submitted by Husk on Wed 12/11/2003 - 16:26

Write your php script to parse the $_SERVER variables, if their not just accessing "/" from the server "hesperos.realmtech.net" then dont include them as a user accessing your site

Submitted by nemesis on Sat 15/11/2003 - 20:12

Okay, in case anyone was wondering.. (a solution)

In my session code I've checked the following:

- Whether the Request URI starts with "http://"
- Whether the Request Method was CONNECT

If either of the above is true, the code does not initiate a session.

All smiles now :)