Joost, Your comment provided me with a solution. What I was doing was as follow. I would deny all access, then I would allow specific sites using config directives like: <Proxy http://*.microsoft.com> This would have the effect of only allowing HTTP protocol with sites in the *.microsoft.com domain. Instead of denying all access using the following: <Proxy *> Order deny,allow Deny from all </Proxy> I now disallow access for HTTP protocol with the following: <Proxy http://*> Order deny,allow Deny from all </Proxy> This still leaves access to allowing proxy for HTTPS protocol and I can continu limiting specifically what is allowed for the HTTP protocol as before. Thank you. -----Original Message----- From: Joost de Heer [mailto:sanguis@xxxxxxxxx] Sent: August 15, 2005 8:09 To: Mario François Jauvin Subject: RE: Mod_proxy https question I've been thinking a bit more: >> <Proxy https://*.passport.com/*> >> Order deny,allow >> Deny from all >> Allow from 10.0.0 >> </Proxy> > >> This does not allow clients from subnet 10.0.0 to obtain pages from any >> SSL URL at passport.com. Because the connection arrives in an encrypted state for the proxy, so Apache never sees the destination URL. Joost --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|