RE: [users@httpd] only allowing specific hosts via https proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Do you have both proxymatch blocks in the same configuration ??

-ascs 

-----Original Message-----
From: Sebastian Reitenbach [mailto:reitenbach@xxxxxxxxxxx] 
Sent: Wednesday, February 01, 2006 10:41 AM
To: users@xxxxxxxxxxxxxxxx
Subject: [users@httpd] only allowing specific hosts via https proxy

Hi,  
  
I am trying to do the following with the apache proxy module:  
  
I want to use apache proxy module for http, ftp and https (for some special  
trusted hosts) and redirect it to mod_clamav.  
  
This works very well for http and ftp. scanning https does not work, therefore  
I want to setup a whitelist of trusted https hosts.  
  
The AllowCONNECT statement only allows to define allowed ports, therefore  
useless.  
  
The ProxyBlock is generally useful to block unwanted content, to setup a  
blacklist. so far so good, but not useful for my case.  
  
Then I thought the <Proxy > or <ProxyMatch > containers would do the trick,  
but it does not seem to be that case.  
  
The following will block all traffic to e.g. http://www.ccc.de  
<ProxyMatch "http.*.ccc.de.*">  
        order deny,allow  
        deny from all  
        allow from none  
</ProxyMatch>  
  
But the following will not block traffic to e.g. https://www.ccc.de  
<ProxyMatch "https.*.ccc.de.*">  
        order deny,allow  
        deny from all  
        allow from none  
</ProxyMatch>  
  
I also tried the same with the <Proxy> container, but got the same result. 
 
Is there a way to only allow https connections to some given specific hosts? 
  
  
I am using SuSE 9.3 and the apache2-2.0.53-9.7 rpm of my distribution.  
  
kind regards 
Sebastian 
  


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux