Hi,
I got the same entry in my Apache logs. It returned a '200' - not a 404 - error.

What do I have to change in the Apache config file to stop tunneling?

Thanks,
Marc

Right, I was gone for a week so I just spotted this now.

I'm returning a 400 as I blocked anyone without a user agent specified using mod_security.
As I doubt you're using that (it can be a bit of a pain to set up) there's a bunch of things you can do:

1. If you don't need to use a proxy at all you can comment out the line that loads mod_proxy in your httpd.conf file.
2. If you somehow have mod_proxy built in then you can use the ProxyRequests Off command in your httpd.conf file to turn off your proxy.
3. If you need to use the proxy server for some reason then it gets trickier. The easiest way is to use the ProxyBlock directive to block access to that IP. You'd use something like ProxyBlock 1.3.3.7 to block access to that IP, so it would return a different status code instead of 200. This only works until whomever is doing it changes the IP they're attempting to connect to though.

More info on mod_proxy and its options is here, as I can only give a wee bit of help on it.

Feel free to post with any more questions though and I'll help the best I can.

Posted by g026r at 8 Vendémiaire CCXII 22:45 (2003/09/29)