ID: 19113
Comment by: paul at pizza dot org
Reported By: php_new at jdc dot parodius dot com
Status: Bogus
Bug Type: Apache related
Operating System: FreeBSD
PHP Version: 4.3.2-dev
New Comment:
Same problem Linux Mandrake 9.0 Apache 1.3.27 PHP 4.3.2.
Previous Comments:
------------------------------------------------------------------------
[2003-06-24 02:00:53] dortega at telenium dot es
I've got the same problem with Solaris 2.8/Apache1.3.23/php-4.1.2
------------------------------------------------------------------------
[2003-06-19 20:10:30] fallenmatt at yahoo dot com
this is my temporally fix:
i put it in an include file with a nice body (coppied from apache
response to connect) and include it on top of index.php files for each
virtual server:
<?
if( strtoupper($HTTP_SERVER_VARS['REQUEST_METHOD'])=="CONNECT"){
header("HTTP/1.1 405 Method Not Allowed");
die();
}
?>
you should probably use $_SERVER[] instead... and no empty lines in
your include file, otherwise header() gets confused
------------------------------------------------------------------------
[2003-06-19 09:47:51] fallenmatt at yahoo dot com
i found this bug affecting my servers too.
the severity of it is that spammers scan for open proxies and then
don't check that they get smtp connection back, anything that's
succesfull request puts the address on their proxy list.
the result: i've got basically denial of service attack. My server was
getting thousands of requests ("connect x.x.x.x:25) per hours,
sometimes hundreds per minute. SInce it does a lot of mysql querries my
database gaved up and started throwing can't connect to database
errors.
it is still a persistent problem. for a time being i check my counters
and whenever i get large number of requests from same ip address i just
ban it on my firewall.
that is not a good sollution so still looking for a way to really fix
it.
------------------------------------------------------------------------
[2003-06-08 14:20:34] kustosz at bv dot pl
apache 1.3.27, php 4.3.1 (LoadModule), the problem of bad 200 response
code exist.
according to the first email, the known (for me) solution for this
problem is to create index.html page and in this page redirect to
index.php, then the response code id 405.
------------------------------------------------------------------------
[2003-06-03 22:47:22] php_new at jdc dot parodius dot com
I don't use mod_perl. The only third-party module I use besides
mod_php is mod_watch, which is not the core of the problem (I've tried
removing it; same result).
Without mod_php installed, this problem disappears.
List of modules loaded:
Loaded Modules mod_watch, mod_php4, mod_setenvif, mod_so,
mod_usertrack, mod_headers, mod_expires, mod_auth_db, mod_auth,
mod_access, mod_alias, mod_userdir, mod_actions, mod_cgi, mod_dir,
mod_autoindex, mod_include, mod_mime, mod_log_config, mod_env,
mod_mmap_static, http_core
SERVER_SOFTWARE Apache/1.3.27 (Unix) mod_watch/3.17 PHP/4.3.2RC4
If I open up an Apache bug report, there is going to be a lot of
finger-pointing. Are we sure we want to do this? Is it at all
possible to get the PHP developers to open a report about this problem
rather than the end-user?
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/19113
--
Edit this bug report at http://bugs.php.net/?id=19113&edit=1
