Re: Reverse proxy - block explicit proxy setup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I managed to do this with rewrite rules; if the requested host is not on intranet, I'll forbid the request:

RewriteRule .* - [F]

From: alin vasile <alinachegalati@xxxxxxxxx>
To: users@xxxxxxxxxxxxxxxx
Sent: Mon, April 19, 2010 11:36:23 PM
Subject: Re: Reverse proxy - block explicit proxy setup

Actually it doesn't block all the requests, but the requests that should go through the transparent proxy aren't rewriten, they are tried to be resolved to local files.

From: alin vasile <alinachegalati@xxxxxxxxx>
To: users@xxxxxxxxxxxxxxxx
Sent: Mon, April 19, 2010 11:24:16 PM
Subject: Re: Reverse proxy - block explicit proxy setup

I made this virtual host:

NameVirtualHost *

<VirtualHost *>
   <Directory / >
       Order deny, allow
       Deny from all
   </Directory>
</VirtualHost *>

  But it blocks also my normal GET requests that should go through the transparent proxy (the client doesn't have the webserver configured as proxy).

From: Eric Covener <covener@xxxxxxxxx>
To: users@xxxxxxxxxxxxxxxx
Sent: Mon, April 19, 2010 10:39:31 PM
Subject: Re: Reverse proxy - block explicit proxy setup

On Mon, Apr 19, 2010 at 2:47 PM, alin vasile <alinachegalati@xxxxxxxxx> wrote:
> Hi all,
>    After I am setting up a reverse proxy using httpd, how can I disable the
> requests from the clients that have it configured as (forward)  proxy?
>   For example If i put my proxy IP & port in Proxomitron, even if I
> configured "ProxyRequests Off", I can see in it while testing :
> New Message Log Window....
> Testing 192.168.187.129:30000
> Waiting for remote proxy's reply
>   >HTTP/1.1 200 OK
> Ending proxy test
> Testing 192.168.187.129:30000
> Waiting for remote proxy's reply
>   >HTTP/1.1 200 OK
> Ending proxy test
>   Thanks.

It's probably not being proxied, but served by your default
(first-listed) vhost that matches.

Create a default virtualhost to capture these and configure it to deny all.

--
Eric Covener
covener@xxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "  from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux