Apache httpd users mailing list,
I have just joined this mailing list, but a Google indicates that this
topic has not come up before. If I am wrong, I apologize, and ask for a
pointer.
I understand that the argument to the Proxy directive is supposed to be
a shell-style wildcard (rather than a simple prefix match), as the
argument to the ProxyMatch directive is supposed to be a Perl-style
regular expression.
I assume that these directives are evaluated in the order in which they
appear in the configuration file.
Both of these are reinforced by comments in the book "Pro Apache". The
first is mentioned in passing, but only prefix matching is shown in
examples in all other documentation. The second is not mentioned
anywhere else.
Given this, I asked folks on a machine which is temporarily inaccessible
to me to enter a configuration including a virtual host much like the
following. I'm afraid that domains and IP addresses have been changed
to protect the innocent. ;-) And much that might otherwise obscure has
been stripped away.
<VirtualHost *:8081>
ServerName proxy.example.com
ErrorLog logs/proxy_error
ProxyRequests On
ProxyVia On
<Proxy http://*.tuxedo.org*>
# Allow only those "Allow"ed that are not "Deny"ed.
Order allow,deny
# Exceptions to the default "Deny".
Allow from 127.0.0.1
Allow from 192.1.0.0/16
Allow from 192.0.0.0/16
# No "Deny" exceptions to the explicit "Allow"s.
</Proxy>
<Proxy http://*.linux.org*>
# Allow only those "Allow"ed that are not "Deny"ed.
Order allow,deny
# Exceptions to the default "Deny".
Allow from 127.0.0.1
Allow from 192.1.0.0/16
Allow from 192.0.0.0/16
# No "Deny" exceptions to the explicit "Allow"s.
</Proxy>
<Proxy http://*.tux.org*>
# Deny only those "Deny"ed unless they are "Allow"ed - this is the default
Order deny,allow
# No "Deny" exceptions to the default "Allow".
# No "Allow" exceptions to any explicit "Deny"s.
</Proxy>
<Proxy *>
# Allow only those "Allow"ed that are not "Deny"ed.
Order allow,deny
# Exceptions to the default "Deny"
Allow from 127.0.0.1
Allow from 192.1.0.0/16
Allow from 192.0.0.0/16
# Exceptions to the explicit "Allow"s
Deny from 192.0.2.0/24
</Proxy>
</VirtualHost>
The idea is that various people will have various levels of access to
the proxy when they insert "http://proxyhost.example.com:8081/"; in as
their Web browser proxy server.
- Everyone may use this proxy to reach *.tux.org/*
- Everyone in the two /16's may use this proxy to reach *.tuxedo.org/*
and *.linux.org/*.
- Everyone in the two 16's, except for those in the one /24, may use
this proxy to reach every other URL.
HOWEVER, when doing testing from a workstation at (say) 192.1.2.3, if
one adds a "Deny from 192.1.2.3" to the LAST block, then the tester can
no longer reach all of the URLs, which he could before.
It's been suggested that I consider the ProxyMatch directive instead,
but the only difference between the two is SUPPOSED to be that the
former uses Shell-style wildcards [but which shell???], and the latter
uses Perl-style regular expressions [presumably the current version].
For my purposes, both can express what I want to accept.
Can anybody suggest where my error is?
Thanks!
--
/*********************************************************************\
**
** Joe Yao jsdy@xxxxxxx - Joseph S. D. Yao
**
\*********************************************************************/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|