RE: [users@httpd] only allowing specific hosts via https proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

that helped me to do what I wanted. Now my apache configuration looks like
this:

<ProxyMatch ".*">
        deny from all
</ProxyMatch>

<ProxyMatch "^www.trustedhost1.com|^www.trustedhost2.com|http://.*|ftp://.*";>
        allow from all
        SetOutputFilter     CLAMAV
</ProxyMatch>

allows me to access some trusted ssl hosts and all other ftp and http traffic
is filtered via clamav.

thanks a lot.

kind regards
Sebastian


Axel-Stéphane__SMORGRAV <Axel-Stephane.SMORGRAV@xxxxxxxxxxxxxx> wrote:
> The thing is that the URL requested by the CONNECT method is not prefixed
with http://. Therefore, <ProxyMatch "^https"> will never match anything
unless the host name is https.
>
> The following wil disallow access to http://www.forbidden.com/ (which
translates into "GET http://www.forbidden.com/";) but allow anything else
whether http or https.
>
>    <ProxyMatch "^http://www.forbidden.com";>
>         deny from all
>    </ProxyMatch>
>
> The following will disallow https://www.forbidden.com (which translates into
"CONNECT www.forbidden.com") but allow anything else...
>
>    <ProxyMatch "^www.forbidden.com">
>         deny from all
>    </ProxyMatch>
>
> -ascs
>
> -----Original Message-----
> From: Sebastian Reitenbach [mailto:reitenbach@xxxxxxxxxxx]
> Sent: Wednesday, February 01, 2006 12:58 PM
> To: users@xxxxxxxxxxxxxxxx
> Subject: RE: [users@httpd] only allowing specific hosts via https proxy
>
> Hi,
>
> Axel-Stéphane__SMORGRAV <Axel-Stephane.SMORGRAV@xxxxxxxxxxxxxx> wrote:
> > Do you have both proxymatch blocks in the same configuration ??
> >
>
>
> no, I tested with the first ProxyMatch, and the http site was blocked, then
I added the s to the http and restarted apache. And I was able to retrieve the
https site.
>
>
>
> >
> > The following will block all traffic to e.g. http://www.ccc.de
> > <ProxyMatch "http.*.ccc.de.*">
> >         order deny,allow
> >         deny from all
> >         allow from none
> > </ProxyMatch>
> >
> > But the following will not block traffic to e.g. https://www.ccc.de    >
<ProxyMatch "https.*.ccc.de.*">
> >         order deny,allow
> >         deny from all
> >         allow from none
> > </ProxyMatch>
> >
>
> kind regards
> sebastian
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
>

--
Sebastian Reitenbach            Tel.: ++49-(0)3381-8904-305
RapidEye AG                     Fax: ++49-(0)3381-8904-101
Friedrich-Franz-Str. 19         e-mail:reitenbach@xxxxxxxxxxx
D-14770 Brandenburg             web:http://www.rapideye.de


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux