#19113 [Com]: HTTP status 200 returned on HTTP CONNECT when mod_proxy not in use - PHP Development

  1. #1

    #19113 [Com]: HTTP status 200 returned on HTTP CONNECT when mod_proxy not in use

    ID: 19113
    Comment by: arafuse at bcexplorers dot com
    Reported By: php_new at jdc dot parodius dot com
    Status: Bogus
    Bug Type: Apache related
    Operating System: FreeBSD
    PHP Version: 4.3.2-dev
    New Comment:

    I had to take the code a little further.
    I don't have mod_proxy/mod_rewrite installed, and I keep getting the
    following in the log files:

    203.98.129.180 - - [05/Aug/2003:17:43:32 -0700] "POST http://64.59.128.220:25/ HTTP/1.1" 200 933 "-" "-"
    203.98.129.180 - - [05/Aug/2003:17:43:32 -0700] "POST http://64.59.128.220:25/ HTTP/1.1" 200 933 "-" "-"

    System: apache 1.3.28, php 4.3.1, RH7.3
    ========================================================
    <?php
    // Refuse CONNECT outright: this server is not a proxy.
    if (strtoupper($_SERVER['REQUEST_METHOD']) == "CONNECT") {
        header("HTTP/1.1 405 Method Not Allowed");
        die();
    }
    // Refuse POSTs whose request URI names a port other than 80 or 443
    // (e.g. "POST http://64.59.128.220:25/").
    if (strtoupper($_SERVER['REQUEST_METHOD']) == "POST") {
        if (preg_match("/\:(\d+)/", $_SERVER['REQUEST_URI'], $matches)) {
            if (($matches[1] != '80') && ($matches[1] != '443')) {
                header("HTTP/1.1 405 Method Not Allowed");
                die();
            }
        }
    }
    ?>
    ========================================================


    Previous Comments:
    ------------------------------------------------------------------------

    [2003-07-07 17:59:18] jesseNO at SPAMhousejunkie dot ca

    I have also replicated this issue
    slack 9.0. 1.3.27 / 4.3.2

    I have also applied the above fix
    <snip>
    <?
    if( strtoupper($_SERVER['REQUEST_METHOD'])=="CONNECT"){
        header("HTTP/1.1 405 Method Not Allowed");
        die();
    }
    ?>
    </snip>
    It has stopped the issue until php releases the fix

    ------------------------------------------------------------------------

    [2003-07-02 05:37:27] paul at pizza dot org

    Same problem Linux Mandrake 9.0 Apache 1.3.27 PHP 4.3.2.

    ------------------------------------------------------------------------

    [2003-06-24 02:00:53] dortega at telenium dot es

    I've got the same problem with Solaris 2.8/Apache1.3.23/php-4.1.2

    ------------------------------------------------------------------------

    [2003-06-19 20:10:30] fallenmatt at yahoo dot com

    this is my temporary fix:
    i put it in an include file with a nice body (copied from apache
    response to connect) and include it on top of index.php files for each
    virtual server:

    <?
    if( strtoupper($HTTP_SERVER_VARS['REQUEST_METHOD'])=="CONNECT"){
        header("HTTP/1.1 405 Method Not Allowed");
        die();
    }
    ?>

    you should probably use $_SERVER[] instead... and no empty lines in
    your include file, otherwise header() gets confused

    ------------------------------------------------------------------------

    [2003-06-19 09:47:51] fallenmatt at yahoo dot com

    i found this bug affecting my servers too.
    the severity of it is that spammers scan for open proxies and then
    don't check that they get smtp connection back, anything that's
    successful request puts the address on their proxy list.

    the result: i've got basically denial of service attack. My server was
    getting thousands of requests ("connect x.x.x.x:25") per hour,
    sometimes hundreds per minute. Since it does a lot of mysql queries my
    database gave up and started throwing can't connect to database
    errors.

    it is still a persistent problem. for the time being i check my counters
    and whenever i get large number of requests from same ip address i just
    ban it on my firewall.

    that is not a good solution so still looking for a way to really fix
    it.

    ------------------------------------------------------------------------

    The remainder of the comments for this report are too long. To view
    the rest of the comments, please view the bug report online at
    http://bugs.php.net/19113

    --
    Edit this bug report at http://bugs.php.net/?id=19113&edit=1

    arafuse at bcexplorers dot com Guest
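
The per-address counting that fallenmatt describes doing by hand can be scripted against the access log that arafuse quotes. This is an added example, not code from the thread: `find_proxy_probes`, the host name `www.example.com` and every sample line except the 64.59.128.220:25 one are assumptions, and it needs PHP 7.4 or later.

```php
<?php
// Added example, not code from the thread. Flags proxy probes in Apache
// common/combined log lines and counts them per client address.
// A probe is a CONNECT request, or any request whose target is an absolute
// URI naming a host this server does not serve. A 2xx answer to a probe is
// what makes a scanner record the server as a proxy.

/**
 * @param string[] $lines    raw access-log lines
 * @param string[] $ownHosts lower-case host names this server really serves
 * @return array<string, array{probes:int, answered_2xx:int}>
 */
function find_proxy_probes(array $lines, array $ownHosts): array
{
    // client ident user [time] "METHOD target PROTOCOL" status ...
    $re = '/^(\S+) \S+ \S+ \[[^\]]+\] "([A-Za-z]+) (\S+) [^"]*" (\d{3}) /';
    $perClient = [];

    foreach ($lines as $line) {
        if (!preg_match($re, $line, $m)) {
            continue;                    // not a well-formed request line
        }
        [, $client, $method, $target, $status] = $m;

        if (strtoupper($method) === 'CONNECT') {
            $probe = true;               // tunnel request (host:port target)
        } elseif (preg_match('#^[a-z][a-z0-9+.-]*://#i', $target)) {
            // Absolute URI: a probe only if it names somebody else's host.
            $host  = strtolower((string) parse_url($target, PHP_URL_HOST));
            $probe = !in_array($host, $ownHosts, true);
        } else {
            $probe = false;              // ordinary "/path" request
        }
        if (!$probe) {
            continue;
        }

        $perClient[$client] ??= ['probes' => 0, 'answered_2xx' => 0];
        $perClient[$client]['probes']++;
        if ($status[0] === '2') {
            $perClient[$client]['answered_2xx']++;
        }
    }

    // Noisiest clients first.
    uasort($perClient, fn($a, $b) => $b['probes'] <=> $a['probes']);
    return $perClient;
}

// Sample input. The first two lines are the entry quoted in the thread;
// the 192.0.2.x lines are constructed for illustration.
$sample = [
    '203.98.129.180 - - [05/Aug/2003:17:43:32 -0700] "POST http://64.59.128.220:25/ HTTP/1.1" 200 933 "-" "-"',
    '203.98.129.180 - - [05/Aug/2003:17:43:32 -0700] "POST http://64.59.128.220:25/ HTTP/1.1" 200 933 "-" "-"',
    '192.0.2.10 - - [05/Aug/2003:17:44:01 -0700] "CONNECT 198.51.100.7:25 HTTP/1.0" 405 0 "-" "-"',
    '192.0.2.20 - - [05/Aug/2003:17:44:05 -0700] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.20 - - [05/Aug/2003:17:44:09 -0700] "GET http://www.example.com/index.php HTTP/1.1" 200 5120 "-" "-"',
];

foreach (find_proxy_probes($sample, ['www.example.com']) as $client => $c) {
    printf("%-15s probes=%d answered_2xx=%d\n",
        $client, $c['probes'], $c['answered_2xx']);
}
```

Clients with a non-zero `answered_2xx` count are the ones that saw a success status for a probe; a client whose probes were all refused appears with `answered_2xx=0`.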

  2. #2

    #19113 [Com]: HTTP status 200 returned on HTTP CONNECT when mod_proxy not in use

    ID: 19113
    Comment by: messi at toxis dot com
    Reported By: php_new at jdc dot parodius dot com
    Status: Bogus
    Bug Type: Apache related
    Operating System: FreeBSD
    PHP Version: 4.3.2-dev
    New Comment:

    Reproduced with Apache 2.0.47 (prefork) and PHP 4.3.2
    (module/apache2handler) on Linux with an /index.php in docroot of first
    vhost.

    httpd.conf:
    DirectoryIndex index.php index.html index.htm
    AddType application/x-httpd-php .php

    CONNECT www.google.com:80 HTTP/1.0 --> HTTP/1.1 200 OK
    TINTE / HELLO/1.0 --> HTTP/1.1 200 OK


    I can't believe this. Please tell me this is a feature and there is a
    way to turn this off. Also, please explain to me why this so-called
    feature is turned on by default.

    Well, there might be some reasons to introduce a new request method or
    even a new http-like protocol and that /index.php can handle this but
    this shouldn't be allowed by default.

    Thanks in advance.


    Previous Comments:
    ------------------------------------------------------------------------

    [2003-08-06 19:38:21] arafuse at bcexplorers dot com

    I had to take the code a little further.
    I don't have mod_proxy/mod_rewrite installed, and I keep getting the
    following in the log files:

    203.98.129.180 - - [05/Aug/2003:17:43:32 -0700] "POST http://64.59.128.220:25/ HTTP/1.1" 200 933 "-" "-"
    203.98.129.180 - - [05/Aug/2003:17:43:32 -0700] "POST http://64.59.128.220:25/ HTTP/1.1" 200 933 "-" "-"

    System: apache 1.3.28, php 4.3.1, RH7.3
    ========================================================
    <?php
    // Refuse CONNECT outright: this server is not a proxy.
    if (strtoupper($_SERVER['REQUEST_METHOD']) == "CONNECT") {
        header("HTTP/1.1 405 Method Not Allowed");
        die();
    }
    // Refuse POSTs whose request URI names a port other than 80 or 443
    // (e.g. "POST http://64.59.128.220:25/").
    if (strtoupper($_SERVER['REQUEST_METHOD']) == "POST") {
        if (preg_match("/\:(\d+)/", $_SERVER['REQUEST_URI'], $matches)) {
            if (($matches[1] != '80') && ($matches[1] != '443')) {
                header("HTTP/1.1 405 Method Not Allowed");
                die();
            }
        }
    }
    ?>
    ========================================================

    ------------------------------------------------------------------------

    [2003-06-03 22:47:22] php_new at jdc dot parodius dot com

    I don't use mod_perl. The only third-party module I use besides
    mod_php is mod_watch, which is not the core of the problem (I've tried
    removing it; same result).

    Without mod_php installed, this problem disappears.

    List of modules loaded:
    Loaded Modules mod_watch, mod_php4, mod_setenvif, mod_so,
    mod_usertrack, mod_headers, mod_expires, mod_auth_db, mod_auth,
    mod_access, mod_alias, mod_userdir, mod_actions, mod_cgi, mod_dir,
    mod_autoindex, mod_include, mod_mime, mod_log_config, mod_env,
    mod_mmap_static, http_core

    SERVER_SOFTWARE Apache/1.3.27 (Unix) mod_watch/3.17 PHP/4.3.2RC4

    If I open up an Apache bug report, there is going to be a lot of
    finger-pointing. Are we sure we want to do this? Is it at all
    possible to get the PHP developers to open a report about this problem
    rather than the end-user?

    ------------------------------------------------------------------------

    The remainder of the comments for this report are too long. To view
    the rest of the comments, please view the bug report online at
    http://bugs.php.net/19113

    --
    Edit this bug report at http://bugs.php.net/?id=19113&edit=1

    messi at toxis dot com Guest
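
messi's `TINTE / HELLO/1.0` test shows that a CONNECT-only check still leaves other unknown methods answered with 200. An allowlist variant of the workaround follows, as an added example that is not code from the thread or from PHP itself: `status_for_request`, `ALLOWED_METHODS`, the host name `www.example.com` and the choice of 403 for foreign absolute URIs are assumptions. It relies, as arafuse's code does, on `REQUEST_URI` carrying the absolute URI when one is sent.

```php
<?php
// Added example, not code from the thread. PHP 7.1+.
// Decides the response status from the raw method and request target with
// an allowlist, so unknown methods and foreign targets never get a 2xx.

const ALLOWED_METHODS = ['GET', 'HEAD', 'POST'];  // assumption: all the site needs

function status_for_request(string $method, string $target, array $ownHosts): int
{
    // Method names are case-sensitive tokens; anything not listed is refused.
    // This covers CONNECT and invented methods such as TINTE alike.
    if (!in_array($method, ALLOWED_METHODS, true)) {
        return 405;
    }

    // Origin form ("/path?query") is all a server that is not a proxy needs.
    if ($target !== '' && $target[0] === '/') {
        return 200;
    }

    // Absolute form: accept only when it names this server on a web port.
    if (preg_match('#^https?://#i', $target)) {
        $host   = strtolower((string) parse_url($target, PHP_URL_HOST));
        $port   = parse_url($target, PHP_URL_PORT);      // null when absent
        $portOk = $port === null || $port === 80 || $port === 443;
        // 403 is a choice made for this example; any non-2xx status keeps
        // the server from looking like a working proxy.
        return (in_array($host, $ownHosts, true) && $portOk) ? 200 : 403;
    }

    return 400;   // authority form, "*", or anything unparseable
}

$ownHosts = ['www.example.com'];   // placeholder: the vhost names served here

if (PHP_SAPI === 'cli') {
    // Requests taken from the thread, plus two ordinary ones for contrast.
    $cases = [
        ['CONNECT', 'www.google.com:80'],
        ['TINTE',   '/'],
        ['POST',    'http://64.59.128.220:25/'],
        ['POST',    '/index.php'],
        ['GET',     'http://www.example.com/index.php'],
    ];
    foreach ($cases as [$method, $target]) {
        printf("%-8s %-34s -> %d\n",
            $method, $target, status_for_request($method, $target, $ownHosts));
    }
} else {
    $status = status_for_request(
        $_SERVER['REQUEST_METHOD'] ?? '',
        $_SERVER['REQUEST_URI'] ?? '',
        $ownHosts
    );
    if ($status !== 200) {
        if ($status === 405) {
            header('Allow: ' . implode(', ', ALLOWED_METHODS));
        }
        http_response_code($status);
        exit;
    }
}
```

As with the include file described in the thread, this has to run before any output is sent, otherwise the status line can no longer be changed.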

  3. #3

    #19113 [Com]: HTTP status 200 returned on HTTP CONNECT when mod_proxy not in use

    ID: 19113
    Comment by: uhlar at fantomas dot sk
    Reported By: php_new at jdc dot parodius dot com
    Status: Bogus
    Bug Type: Apache related
    Operating System: FreeBSD
    PHP Version: 4.3.2-dev
    New Comment:

    Isn't there a possibility to check for valid/supported methods?
    maybe such check should be in apache, but couldn't php check what
    method it's processing instead of processing CONNECT as GET?


    Previous Comments:
    ------------------------------------------------------------------------

    [2003-08-17 12:52:22] messi at toxis dot com

    Reproduced with Apache 2.0.47 (prefork) and PHP 4.3.2
    (module/apache2handler) on Linux with an /index.php in docroot of first
    vhost.

    httpd.conf:
    DirectoryIndex index.php index.html index.htm
    AddType application/x-httpd-php .php

    CONNECT www.google.com:80 HTTP/1.0 --> HTTP/1.1 200 OK
    TINTE / HELLO/1.0 --> HTTP/1.1 200 OK


    I can't believe this. Please tell me this is a feature and there is a
    way to turn this off. Also, please explain to me why this so-called
    feature is turned on by default.

    Well, there might be some reasons to introduce a new request method or
    even a new http-like protocol and that /index.php can handle this but
    this shouldn't be allowed by default.

    Thanks in advance.

    ------------------------------------------------------------------------

    [2003-08-06 19:38:21] arafuse at bcexplorers dot com

    I had to take the code a little further.
    I don't have mod_proxy/mod_rewrite installed, and I keep getting the
    following in the log files:

    203.98.129.180 - - [05/Aug/2003:17:43:32 -0700] "POST
    [url]http://64.59.128.220:25/[/url] HTTP/1.1" 200 933 "-" "-"
    203.98.129.180 - - [05/Aug/2003:17:43:32 -0700] "POST
    [url]http://64.59.128.220:25/[/url] HTTP/1.1" 200 933 "-" "-"

    System: apache 1.3.28, php 4.3.1, RH7.3
    ================================================== ======
    <?php
    // Refuse CONNECT outright.
    if (strtoupper($_SERVER['REQUEST_METHOD']) == "CONNECT") {
        header("HTTP/1.1 405 Method Not Allowed");
        die();
    }
    // Refuse POST requests whose request URI names a port other than 80 or 443.
    if (strtoupper($_SERVER['REQUEST_METHOD']) == "POST") {
        if (preg_match("/\:(\d+)/", $_SERVER['REQUEST_URI'], $matches)) {
            if (($matches[1] != '80') && ($matches[1] != '443')) {
                header("HTTP/1.1 405 Method Not Allowed");
                die();
            }
        }
    }
    ?>
    ================================================== ======

    ------------------------------------------------------------------------

    [2003-07-07 17:59:18] jesseNO at SPAMhousejunkie dot ca

    I have also replicated this issue
    slack 9.0. 1.3.27 / 4.3.2

    I have also applied the above fix
    <snip>
    <?php
    if (strtoupper($_SERVER['REQUEST_METHOD']) == "CONNECT") {
        header("HTTP/1.1 405 Method Not Allowed");
        die();
    }
    ?>
    </snip>
    It has stopped the issue until php releases the fix

    ------------------------------------------------------------------------

    [2003-06-19 20:10:30] fallenmatt at yahoo dot com

    this is my temporary fix:
    i put it in an include file with a nice body (copied from apache
    response to connect) and include it on top of index.php files for each
    virtual server:

    <?php
    if (strtoupper($HTTP_SERVER_VARS['REQUEST_METHOD']) == "CONNECT") {
        header("HTTP/1.1 405 Method Not Allowed");
        die();
    }
    ?>

    you should probably use $_SERVER[] instead... and no empty lines in
    your include file, otherwise header() gets confused

    ------------------------------------------------------------------------

    [2003-06-19 09:47:51] fallenmatt at yahoo dot com

    i found this bug affecting my servers too.
    the severity of it is that spammers scan for open proxies and then
    don't check that they get smtp connection back, anything that's
    a successful request puts the address on their proxy list.

    the result: i've got basically a denial of service attack. My server was
    getting thousands of requests ("connect x.x.x.x:25") per hour,
    sometimes hundreds per minute. Since it does a lot of mysql queries my
    database gave up and started throwing can't connect to database
    errors.

    it is still a persistent problem. for the time being i check my counters
    and whenever i get a large number of requests from the same ip address i just
    ban it on my firewall.

    that is not a good solution so still looking for a way to really fix
    it.

    ------------------------------------------------------------------------

    The remainder of the comments for this report are too long. To view
    the rest of the comments, please view the bug report online at
    http://bugs.php.net/19113

    --
    Edit this bug report at http://bugs.php.net/?id=19113&edit=1

    uhlar at fantomas dot sk Guest

  4. #4

    Default #19113 [Com]: HTTP status 200 returned on HTTP CONNECT when mod_proxy not in use

    ID: 19113
    Comment by: messi at toxis dot com
    Reported By: php_new at jdc dot parodius dot com
    Status: Bogus
    Bug Type: Apache related
    Operating System: FreeBSD
    PHP Version: 4.3.2-dev
    New Comment:

    I added the following three lines to Apache's mod_dir. This is ugly but
    works fine for me. Unless there's another way to prevent mod_php4 from
    getting invoked I'll use this on my machines.
    Dunno if this will work with mod_proxy but I guess so.

    --- src/modules/standard/mod_dir.c
    +++ src/modules/standard/mod_dir.c
    -118,4 +118,7
    static int handle_dir(request_rec *r)
    {
    + if (r->method_number == M_CONNECT)
    + return HTTP_NOT_IMPLEMENTED;
    +
    dir_config_rec *d =
    (dir_config_rec *) ap_get_module_config(r->per_dir_config,
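
    Review bot: the added if statement sits above the declaration of d in handle_dir, so the function now has a declaration after a statement, which strict C89 compilers reject; move the check below the local declarations. The test also matches only M_CONNECT and only requests that reach handle_dir, so an unrecognised method such as the TINTE request reported earlier in this thread is not covered by these lines; a check on the set of methods the server is meant to serve would catch both cases.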

    Use it at your own risk and only with Apache 1.3(.28)!


    messi at toxis dot com Guest

  5. #5

    Default #19113 [Com]: HTTP status 200 returned on HTTP CONNECT when mod_proxy not in use

    ID: 19113
    Comment by: chipster at norlug dot org
    Reported By: php_new at jdc dot parodius dot com
    Status: Bogus
    Bug Type: Apache related
    Operating System: FreeBSD
    PHP Version: 4.3.2-dev
    New Comment:

    I have also replicated this issue:
    -Slackware 9.1
    -Apache 1.3.28
    -PHP 4.3.3

    The mod_dir patch here works great, but an ugly hack :-)


    chipster at norlug dot org Guest

  6. #6

    Default #19113 [Com]: HTTP status 200 returned on HTTP CONNECT when mod_proxy not in use

    ID: 19113
    Comment by: uhlar at fantomas dot sk
    Reported By: php_new at jdc dot parodius dot com
    Status: Bogus
    Bug Type: Apache related
    Operating System: FreeBSD
    PHP Version: 4.3.2-dev
    New Comment:

    I don't know the apache's interface to modules, But I think that either
    php should tell apache by initialization that it can handle GET, HEAD,
    and POST method, or the php should
    check whether it is able to process the method (CONNECT in this case) -
    if it does have handler for it.
    I think that php does not have handler for CONNECT by default, thus it
    should either reject the request or pass it to apache for later
    processing.

    mod_perl probably has the same bug, but unless apache does have an
    interface for modules to specify which methods are they able to use AND
    ignores the methods, it is a bug of mod_php versus mod_perl...


    Previous Comments:
    ------------------------------------------------------------------------

    [2003-06-03 22:17:59] net

    See comment by: [16 Mar 6:40am CST] psi-jack at myrddincd dot com

    ------------------------------------------------------------------------

    [2003-03-16 06:40:23] psi-jack at myrddincd dot com

    I've been testing out all the comments mentioned in this report.

    The findings I have, is with Apache 1.3.27, and various modules. The
    modules I use is mod_php 4.3.0, mod_perl 1.27, mod_mp3 0.39, and for
    mod_perl, I had HTML-Mason and AxKit, and various other non-advertising
    mod_perl modules.

    What did I find? With all the mentioned modules loaded, I get the same
    results as mentioned within these comments.
    \xe3P
    TINTE / HTTP/1.0
    CONNECT www.google.com:80 HTTP/1.0

    Etc, all these, provide the default page, whether it's a DirectoryIndex,
    or directory listing itself.

    I unloaded mod_php, as per this bug was about. Still, same results.
    Once I unloaded mod_perl, however, the problem went away. I started
    getting 501's with those requests.

    mod_mp3 didn't seem to affect that at all.

    My final conclusion, this is very likely to be an Apache DSO bug, and
    not related directly to PHP, since it occurred with mod_perl as well.
    The only one thing I did not try, was unloading my perlmodules from
    mod_perl.

    ------------------------------------------------------------------------

    [2003-01-22 05:14:24] karabass at mitino dot ptt dot ru

    It *is* severe because when I see in apache access_log a message like
    this:

    24.153.155.146 - - [22/Jan/2003:01:25:48 +0300] "CONNECT maildelivery.somewhere:25 HTTP/1.0" 200 44623 "-" "-"
    it is threatening enough for me to put away what I was doing and start
    staring at my httpd.conf. And that only takes 3-4 hours to just find
    this bug-report and make myself comfortable about this new "PHP
    feature".

    ------------------------------------------------------------------------

    [2003-01-19 04:57:37] net

    Well can you tell me why it is "severe"?

    Okay it is maybe not correct that it reacts on any string
    but basically why should it not react on

    TINTE / HTTP/1.0

    This could be a valid request if the server has loaded
    mod_tinte v1.0 or whatever. If you dislike the feature
    you can always check for a valid ("from your point of
    view") request method from within your scripts.


    ------------------------------------------------------------------------

    uhlar Guest
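
The access-log entries quoted in this thread share one pattern: a CONNECT, an unrecognised method, or a POST to an absolute URI on someone else's host, answered with status 200. The following is an added example, not code from the thread or from PHP/Apache, that flags such lines. The allowed-method set, the own_hosts parameter and the 192.0.2.x / example.org sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Sample access log: first two lines are the entries quoted in the thread,
# the remaining four are constructed for this example.
SAMPLE_LOG = """\
203.98.129.180 - - [05/Aug/2003:17:43:32 -0700] "POST http://64.59.128.220:25/ HTTP/1.1" 200 933 "-" "-"
24.153.155.146 - - [22/Jan/2003:01:25:48 +0300] "CONNECT maildelivery.somewhere:25 HTTP/1.0" 200 44623 "-" "-"
192.0.2.10 - - [22/Jan/2003:01:26:02 +0300] "TINTE / HELLO/1.0" 200 44623 "-" "-"
192.0.2.10 - - [22/Jan/2003:01:26:05 +0300] "GET /index.php HTTP/1.0" 200 44623 "-" "-"
192.0.2.11 - - [22/Jan/2003:01:27:00 +0300] "CONNECT mail.example:25 HTTP/1.0" 405 312 "-" "-"
192.0.2.12 - - [22/Jan/2003:01:28:00 +0300] "POST http://www.example.org/form.php HTTP/1.1" 200 512 "-" "-"
"""

# client address, quoted request line, status code (common/combined log format)
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')
ALLOWED_METHODS = {"GET", "HEAD", "POST"}  # assumption: what the site really serves


def classify(request_line, own_hosts):
    """Return a reason string if the request looks like a proxy probe, else None."""
    parts = request_line.split()
    if len(parts) < 2:
        return "malformed"            # e.g. a single garbage token as the request
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":
        return "connect"
    if method not in ALLOWED_METHODS:
        return "unknown-method"       # e.g. TINTE
    if "://" in target:               # absolute URI: proxy-style request
        try:
            host = urlsplit(target).hostname or ""
        except ValueError:
            host = ""
        if host not in own_hosts:
            return "foreign-absolute-uri"
    return None


def scan(log_text, own_hosts):
    """Return (ip, reason, status, answered_as_success) for every suspicious line."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, request, status = m.group(1), m.group(2), int(m.group(3))
        reason = classify(request, own_hosts)
        if reason:
            findings.append((ip, reason, status, 200 <= status < 300))
    return findings


def answered_as_success(findings):
    """Count, per client, the probes that got a 2xx reply."""
    return Counter(ip for ip, _, _, ok in findings if ok)


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, {"www.example.org"}):
        print(finding)
```

Probes that received a 2xx reply are the ones that matter: per the thread, any successful response is enough to get the server added to a scanner's proxy list, whereas the 405 line shows a workaround doing its job.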
