If mod_proxy is commented out but you are using php5. Tried putting this statement http.allowed_methods = GET & POST into /*/php.ini But it had no effect? The best solution was to add an location declarative with a LimitExcept. The location in the httpd-conf where to place this is very important.
First find this in the conf file
# # Each directory to which Apache has access, can be configured with respect # to which services and features are allowed and/or disabled in that # directory (and its subdirectories). # # First, we configure the "default" to be a very restrictive set of # permissions for directories. # <Directory /> Options FollowSymLinks AllowOverride None Order allow,deny Deny from all </Directory> Then add the following right after it and restart apache to activate. # Second, we configure the "default" Location to restrict the methods allowed # to stop CONNECT method attacks. # <Location /> <LimitExcept GET POST> Order allow,deny Deny from all </LimitExcept> </Location>
All CONNECT requests from this point on will get a status code of 403
Forbidden for both perl and php CONNECT attacks.