Hi Steven, thank you for your suggestion, but mod_rewrite will change the browser URL and I need that the url keeps the same, so that is why i'm using mod_proxy for this virtual host, only to redirect request to jetty webserver, and closing port 8080 in order to not exposing jetty.

I have a virtual host for handling requests that want to use my server as proxy. If I blocked all proxy requests, apache will return 404 for this requests (and mod_security won't handle the request), but what i want is that apache drop this kind of connection to not generate outgoing traffic. Also when a IP gets 5 attempts it will be banned for one week in the firewall (CSF+LFD), so I think this setting could work, I'm doing my test (working in port 81) and its working as I want, I set my browser to use that ip as proxy and the server drops my connection.

<VirtualHost SERVERIP:81>
  ServerName default.only
  SecRuleEngine On
  SecRule REMOTE_ADDR "^\d" log,drop,phase:1

  ProxyRequests On
  #Block all requests
#       <Proxy *>
#         Order deny,allow
#         Deny from all
#       </Proxy>
</VirtualHost>

Then I have another virtual host to redirect requests to jetty.

<VirtualHost SERVERIP:81>
    ServerName MYDOMAIN.COM
    ServerAlias www.MYDOMAIN.COM
    ProxyPreserveHost On
    ProxyPass / http://MYDOMAIN.COM:8080/
    ProxyPassReverse / http://MYDOMAIN.COM:8080/
</VirtualHost>

And of course I have as default in apache conf

ProxyRequests Off
<Proxy *>
 Order deny,allow
 Allow from all
</Proxy>

Thank you to everybody for your suggestions.

Best regards

Alejandro



2013/2/15 Steven Kucharzyk <stvrjk@yahoo.com>

Have you considered the use of mod_rewrite instead ???

http://httpd.apache.org/docs/2.2/rewrite/remapping.html



On Friday 15 February 2013 16:01:25 Alejandro Casagrande wrote:

> Yes, Reindl. Thank you for your concerns. The first thing that I did when I

> realize this problem was to stop apache and set the firewall to block port

> 80, in order to stop the traffic.

>

> In testing using apache in another port. I'm managed to block proxy

> requests, but I want that this requests consume the lower traffic possible,

> so that is why i was asking if instead apache responding 404 or 403, closes

> the connection so no outgoing traffic is made.

>

> Proxy is enabled only for a virtual host with a specific domain.

>

> I really appreciate your suggestions, thank you again.

>

> Best regards

>

> Alejandro

>

> 2013/2/15 Reindl Harald <h.reindl@thelounge.net>

>

> > have you set

> >

> > <IfModule mod_proxy.c>

> > ProxyRequests Off

> > </IfModule>

> >

> > a i suggested hours ago?

> > it does not need to be enabled, even for common proxy-setups in apache

> > and it SHOULD NOT be enabled except with specific needs in a

> > <Location> or <Vhost>

> >

> > Am 16.02.2013 00:37, schrieb Alejandro Casagrande:

> > > Thank you for your suggestions Steven. Unfortunately i need mod_proxy

> > because i need to redirect requests to

> > > another web server in another port.

> > >

> > > Besides disabling mod_proxy, I would like that apache does not respond

> > to this requests as they will generate

> > > traffic responding 404.

> > >

> > > 2013/2/15 Steven Kucharzyk <trak131-xchg@yahoo.com <mailto:

> > trak131-xchg@yahoo.com>>

> > >

> > > __

> > >

> > >

> > > I would like to suggest ... starting with Apache itself and unload,

> > remove, disable any mod_proxy modules and

> > > directives ... it does no good to establish mod_security rules to

> > block a service that you don't want running

> > > or understand how to control. I would do that with all modules you

> > don't understand and "park" or eliminate all

> > > virtual_host configurations that you yourself have not set up and

> > understand completely

> >

> >

> >

> > ------------------------------------------------------------------------------

> > The Go Parallel Website, sponsored by Intel - in partnership with Geeknet,

> > is your hub for all things parallel software development, from weekly

> > thought

> > leadership blogs to news, videos, case studies, tutorials, tech docs,

> > whitepapers, evaluation guides, and opinion stories. Check out the most

> > recent posts - join the conversation now.

> > http://goparallel.sourceforge.net/

> > _______________________________________________

> > mod-security-users mailing list

> > mod-security-users@lists.sourceforge.net

> > https://lists.sourceforge.net/lists/listinfo/mod-security-users

> > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:

> > http://www.modsecurity.org/projects/commercial/rules/

> > http://www.modsecurity.org/projects/commercial/support/

> >

> >

>

>

>


------

Mail delivery confirmation requests:

Confirmation requests, are sent to verify delivery by the mail delivery system and does not imply, the message was actually read/ understood by the intended recipient(s)


Indiscriminate confirmations to unknown parties may jeopardize your privacy.

--------

This e-mail message may contain privileged and/or confidential information, and is intended to be received only by persons entitled to receive such information. If you have received this e-mail in error, please notify the sender immediately. Please delete it and all attachments from any servers, hard drives or any other media. Other use of this e-mail by you is strictly prohibited. The information contained in this email may be subject to the export control laws and regulations of the united states, potentially including but not limited to the export administration regulations (ear) and sanctions regulations issued by the u.s. Department of treasury, office of foreign asset controls (ofac). As a recipient of this information you are obligated to comply with all applicable u.s. Export laws and regulations.



------------------------------------------------------------------------------
The Go Parallel Website, sponsored by Intel - in partnership with Geeknet,
is your hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials, tech docs,
whitepapers, evaluation guides, and opinion stories. Check out the most
recent posts - join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/




--
Ing. Alejandro Casagrande
Advenio Software
http://www.advenio.com.ar