Apache CONNECT request logs - should I be concerned?
These requests look like they were most likely sent a redirect to your actual web site, rather than being proxied to wherever the attacker was trying to go.
To be sure you are not allowing such requests, inspect your Apache configuration for the directive ProxyRequests. This is off by default, but some low-quality Internet tutorials recommend turning it on to accomplish something else (which it does not). If you turn this on, then it may open your web server to being abused.
As for the requests themselves, it's best practice to keep your web site configuration in its own <VirtualHost> and isolated from Apache's default configuration, as shipped by your distribution, which should only return the "It works" page (as a 403 error). Thus any request that doesn't specifically request your domain name will get a 403.
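As an added example (not part of the original answer), this Python sketch checks the two things the answer points at: whether any active ProxyRequests On line exists in the configuration, and whether any logged CONNECT request got a 2xx status instead of a redirect or 403. The sample configuration and log lines are constructed, the function names are hypothetical, and the log regex assumes the common/combined log format.

```python
import re

# Constructed sample input (not from the original question).
SAMPLE_CONF = """\
# ProxyRequests On   <- commented out, ignored
<VirtualHost *:80>
    ServerName www.example.com
    ProxyRequests On
    ProxyPass /app http://127.0.0.1:8080/
</VirtualHost>
"""

SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:04:12:01 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 301 245
203.0.113.7 - - [10/Mar/2024:04:12:05 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 200 -
198.51.100.9 - - [10/Mar/2024:04:13:40 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.4 - - [10/Mar/2024:04:14:02 +0000] "CONNECT 192.0.2.10:443 HTTP/1.1" 403 199
"""

# Apache directive names and On/Off arguments are case-insensitive.
PROXY_ON = re.compile(r"^\s*ProxyRequests\s+On\b", re.IGNORECASE)
# Common/combined log format: client ... "METHOD target PROTO" status bytes
CONNECT_LINE = re.compile(r'^(\S+) .*?"CONNECT (\S+) [^"]*" (\d{3}) ')


def find_forward_proxy(conf_text):
    """Return (line_number, text) for every active 'ProxyRequests On'."""
    hits = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        # Comment lines start with '#', so they never match the pattern.
        if PROXY_ON.match(line):
            hits.append((n, line.strip()))
    return hits


def classify_connects(log_text):
    """Split CONNECT requests into refused and 2xx (worth investigating)."""
    refused, proxied = [], []
    for line in log_text.splitlines():
        m = CONNECT_LINE.match(line)
        if not m:
            continue
        entry = (m.group(1), m.group(2), int(m.group(3)))
        # A 2xx reply to CONNECT means the tunnel may have been established.
        (proxied if 200 <= entry[2] < 300 else refused).append(entry)
    return refused, proxied
```

To use it on a real server, pass the contents of your own configuration files (including any included files) and access log to the two functions.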