Hi, that helped me to do what I wanted. Now my apache configuration looks like this: <ProxyMatch ".*"> deny from all </ProxyMatch> <ProxyMatch "^www.trustedhost1.com|^www.trustedhost2.com|http://.*|ftp://.*"> allow from all SetOutputFilter CLAMAV </ProxyMatch> allows me to access some trusted ssl hosts and all other ftp and http traffic is filtered via clamav. thanks a lot. kind regards Sebastian Axel-Stéphane__SMORGRAV <Axel-Stephane.SMORGRAV@xxxxxxxxxxxxxx> wrote: > The thing is that the URL requested by the CONNECT method is not prefixed with http://. Therefore, <ProxyMatch "^https"> will never match anything unless the host name is https. > > The following wil disallow access to http://www.forbidden.com/ (which translates into "GET http://www.forbidden.com/") but allow anything else whether http or https. > > <ProxyMatch "^http://www.forbidden.com"> > deny from all > </ProxyMatch> > > The following will disallow https://www.forbidden.com (which translates into "CONNECT www.forbidden.com") but allow anything else... > > <ProxyMatch "^www.forbidden.com"> > deny from all > </ProxyMatch> > > -ascs > > -----Original Message----- > From: Sebastian Reitenbach [mailto:reitenbach@xxxxxxxxxxx] > Sent: Wednesday, February 01, 2006 12:58 PM > To: users@xxxxxxxxxxxxxxxx > Subject: RE: [users@httpd] only allowing specific hosts via https proxy > > Hi, > > Axel-Stéphane__SMORGRAV <Axel-Stephane.SMORGRAV@xxxxxxxxxxxxxx> wrote: > > Do you have both proxymatch blocks in the same configuration ?? > > > > > no, I tested with the first ProxyMatch, and the http site was blocked, then I added the s to the http and restarted apache. And I was able to retrieve the https site. > > > > > > > The following will block all traffic to e.g. http://www.ccc.de > > <ProxyMatch "http.*.ccc.de.*"> > > order deny,allow > > deny from all > > allow from none > > </ProxyMatch> > > > > But the following will not block traffic to e.g. https://www.ccc.de > <ProxyMatch "https.*.ccc.de.*"> > > order deny,allow > > deny from all > > allow from none > > </ProxyMatch> > > > > kind regards > sebastian > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > -- Sebastian Reitenbach Tel.: ++49-(0)3381-8904-305 RapidEye AG Fax: ++49-(0)3381-8904-101 Friedrich-Franz-Str. 19 e-mail:reitenbach@xxxxxxxxxxx D-14770 Brandenburg web:http://www.rapideye.de --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx