RE: [users@httpd] only allowing specific hosts via https proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The thing is that the URL requested by the CONNECT method is not prefixed with http://. Therefore, <ProxyMatch "^https"> will never match anything unless the host name is https.

The following wil disallow access to http://www.forbidden.com/ (which translates into "GET http://www.forbidden.com/";) but allow anything else whether http or https.

   <ProxyMatch "^http://www.forbidden.com";>
        deny from all
   </ProxyMatch>

The following will disallow https://www.forbidden.com (which translates into "CONNECT www.forbidden.com") but allow anything else...

   <ProxyMatch "^www.forbidden.com">
        deny from all
   </ProxyMatch>

-ascs

-----Original Message-----
From: Sebastian Reitenbach [mailto:reitenbach@xxxxxxxxxxx] 
Sent: Wednesday, February 01, 2006 12:58 PM
To: users@xxxxxxxxxxxxxxxx
Subject: RE: [users@httpd] only allowing specific hosts via https proxy

Hi,  
  
Axel-Stéphane__SMORGRAV <Axel-Stephane.SMORGRAV@xxxxxxxxxxxxxx> wrote:   
> Do you have both proxymatch blocks in the same configuration ??  
>   
  
  
no, I tested with the first ProxyMatch, and the http site was blocked, then I added the s to the http and restarted apache. And I was able to retrieve the https site.  
 
 
  
>     
> The following will block all traffic to e.g. http://www.ccc.de    
> <ProxyMatch "http.*.ccc.de.*">    
>         order deny,allow    
>         deny from all    
>         allow from none    
> </ProxyMatch>    
>     
> But the following will not block traffic to e.g. https://www.ccc.de    
> <ProxyMatch "https.*.ccc.de.*">    
>         order deny,allow    
>         deny from all    
>         allow from none    
> </ProxyMatch>    
>     
  
kind regards 
sebastian   
  


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux