Apache CONNECT request logs - should I be concerned?

security apache-2.4 proxy

These requests look like they were most likely sent a redirect to your actual web site, rather than being proxied to wherever the attacker was trying to go.

To be sure you are not allowing such requests, inspect your Apache configuration for the directive ProxyRequests. This is off by default, but some low quality Internet tutorials recommend turning it on to accomplish something else (which it does not). If you turn this on, then it may open your web server to being abused.

As for the requests themselves, it's best practice to keep your web site configuration in its own <VirtualHost> and isolated from Apache's default configuration, as shipped by your distribution, which should only return the "It works" page (as a 403 error). Thus any request that doesn't specifically request your domain name will get a 403.

Related

My Windows server is running OOM, this prevents me to remote desktop. How can I remotely reboot it? [closed]
Can standalone (not joined to domain ) Windows Server 2019 VM be configured to install updates automatically? [duplicate]
Ceph: is setting lower "size" parameter on a live pool possible?
Can nginx cache on user-defined headers?
Wiping out user and/or root password in embedded linux
Recover MacBook with full disk after failed OS upgrade
How to replace a tag with another tag system-wide?
How to convert a .cer file to .p12 without the keychain password?
Can I boot from an external drive with hardware encryption?
Hide name of the user and computer name from terminal window title
Where does a large file go when I delete it from a volume?
PBS not working on Apple TV. Other channels are fine