Hi Reindl, I really appreciate your suggestions. Yes I put ProxyRequest Off in the redirection to jetty. 

However, in the default vhost I think that I need proxyrequest on, because if I don't have that Apache responds when a proxy request attempt is done, returning 403 code. I don't want that apache responds to that request, instead I want the connection dropped. I'm doing this with the vhost below, and mod_security is dropping the connection.

If I use ProxyRequests Off, is there another way that mod_security handles the request and drops the connection?

<VirtualHost SERVERIP:81>
   ServerName default.only
   SecRuleEngine On
   SecRule REMOTE_ADDR "^\d" log,drop,phase:1
   ProxyRequests On
 #Block all requests
 #       <Proxy *>
 #         Order deny,allow
 #         Deny from all
 #       </Proxy>
</VirtualHost>

Thank you again Reindl

Best regards

Alejandro

2013/2/16 Reindl Harald <h.reindl@thelounge.net>

Am 16.02.2013 15:19, schrieb Alejandro Casagrande:
> <VirtualHost SERVERIP:81>
>   ServerName default.only
>   SecRuleEngine On
>   SecRule REMOTE_ADDR "^\d" log,drop,phase:1
>
>   ProxyRequests On
>   #Block all requests
> #       <Proxy *>
> #         Order deny,allow
> #         Deny from all
> #       </Proxy>
> </VirtualHost>


DAMNED: ProxyRequests On

how often shoud i explain you that this should be Off
even for vhosts like below, this is from a WORKING setup

<VirtualHost *>
 ServerName         myhostname
 ProxyRequests      Off
 ProxyPass /        http://backend.vmware.local/
 ProxyPassReverse / http://backend.vmware.local/
 ProxyTimeout       300
</VirtualHost>


------------------------------------------------------------------------------
The Go Parallel Website, sponsored by Intel - in partnership with Geeknet,
is your hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials, tech docs,
whitepapers, evaluation guides, and opinion stories. Check out the most
recent posts - join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/




--
Ing. Alejandro Casagrande
Advenio Software
http://www.advenio.com.ar