The issue is not specific to mod_jk in any way; it was just initially observed in mod_jk logs.
All Brazilian URLs are coming from the Host header property of the GET request. And, as suggested in this comment, this is a scan for open proxies.
Interestingly enough, it has been coming from the same IP address (65.111.177.188) for many months.
To shut this garbage out I added an extra rule to the mod_security conf file on the server:
# Match on the Host header value (a leading & would test the header count instead)
SecRule REQUEST_HEADERS:Host "!@pm mydomain" "phase:1,deny"
so that all hosts without mydomain in them are denied right away.
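
An added example (not part of the original post): a small Python model of the substring check the rule above intends, set beside an exact Host allowlist, so you can see which header values each one lets through before relying on the rule. The names mydomain.example and www.mydomain.example and every sample Host value are constructed assumptions.

```python
import re

# Assumed site names; replace with the hosts the server really serves.
ALLOWED_HOSTS = {"mydomain.example", "www.mydomain.example"}

def normalize_host(raw):
    """Lowercase, drop an optional :port and trailing dot; None if missing or malformed."""
    if not raw:
        return None
    m = re.fullmatch(r"([a-z0-9.-]+?)\.?(?::(\d{1,5}))?", raw.strip().lower())
    return m.group(1) if m else None

def substring_allows(raw, needle="mydomain"):
    """Model of '!@pm mydomain' on the Host value: pass if the phrase occurs anywhere.

    A request with no Host header at all (raw is None) gives the rule nothing
    to inspect, so it never fires and the request passes.
    """
    return raw is None or needle in raw.lower()

def exact_allows(raw):
    """Stricter check: the normalized host must be one of the known names."""
    return normalize_host(raw) in ALLOWED_HOSTS

def audit(hosts):
    """Return Host values the substring rule passes but the exact allowlist rejects."""
    return [h for h in hosts if substring_allows(h) and not exact_allows(h)]

# Constructed sample Host header values (None means the header is absent).
SAMPLE_HOSTS = [
    "mydomain.example",
    "WWW.MyDomain.Example:443",
    "www.constructed-example.com.br",
    "mydomain.example.scanner.test",
    "notmydomain.test",
    None,
    "",
]

if __name__ == "__main__":
    for host in audit(SAMPLE_HOSTS):
        print("passes substring rule, fails exact allowlist:", repr(host))
```

The values it reports are the ones to cover with an additional rule, for example a check that the Host header is present and an anchored match on the full host name.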