httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 23673] New: - AllowCONNECT cannot be configured to allow connections to all ports
Date Wed, 08 Oct 2003 12:22:27 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23673>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23673

AllowCONNECT cannot be configured to allow connections to all ports

           Summary: AllowCONNECT cannot be configured to allow connections
                    to all ports
           Product: Apache httpd-2.0
           Version: 2.0.47
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: mod_proxy
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: erno-apbugs@erno.iki.fi


AllowCONNECT cannot be configured to allow connections to all ports. This
makes life difficult if you don't want to restrict use of https (and other
creative uses of CONNECT) to non-standard ports.

proxy_connect.c:

    /* Check if it is an allowed port */
    if (conf->allowed_connect_ports->nelts == 0) {
        /* Default setting if not overridden by AllowCONNECT */
        switch (uri.port) {
            case APR_URI_HTTPS_DEFAULT_PORT:
            case APR_URI_SNEWS_DEFAULT_PORT:
                break;
            default:
                /* XXX can we call ap_proxyerror() here to get a nice log message? */
                return HTTP_FORBIDDEN;
        }
    } else if(!allowed_port(conf, uri.port)) {
        /* XXX can we call ap_proxyerror() here to get a nice log message? */
        return HTTP_FORBIDDEN;
    }

...

    static int
    allowed_port(proxy_server_conf *conf, int port)
    {
        int i;
        int *list = (int *) conf->allowed_connect_ports->elts;

        for(i = 0; i < conf->allowed_connect_ports->nelts; i++) {
            if(port == list[i])
                return 1;
        }
        return 0;
    }

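An added illustration, not part of the original report and not Apache httpd code: a stand-alone C model of the check quoted above, next to a hypothetical range-based variant in which one explicit entry such as 1-65535 expresses what the exact-match list cannot. The names `connect_allowed_exact`, `connect_allowed_ranges` and `struct port_range` are assumptions made for this example; the two default ports are the values of the APR constants in the quoted code.

```c
#include <stddef.h>

#define HTTPS_PORT 443   /* value of APR_URI_HTTPS_DEFAULT_PORT */
#define SNEWS_PORT 563   /* value of APR_URI_SNEWS_DEFAULT_PORT */

/* Hypothetical type: one inclusive port range, e.g. {443, 443} or {1, 65535}. */
struct port_range { int first; int last; };

/* Model of the quoted logic: an empty list means "defaults only",
 * a non-empty list is matched entry by entry, one port per entry. */
int connect_allowed_exact(const int *ports, size_t n, int port)
{
    size_t i;
    if (n == 0)
        return port == HTTPS_PORT || port == SNEWS_PORT;
    for (i = 0; i < n; i++)
        if (ports[i] == port)
            return 1;
    return 0;
}

/* Hypothetical variant: same restrictive default, but each entry is a range,
 * so a wide policy must be written out explicitly as one visible entry.
 * Invalid ports and inverted ranges never match. */
int connect_allowed_ranges(const struct port_range *r, size_t n, int port)
{
    size_t i;
    if (port < 1 || port > 65535)
        return 0;
    if (n == 0)
        return port == HTTPS_PORT || port == SNEWS_PORT;
    for (i = 0; i < n; i++)
        if (r[i].first <= r[i].last && port >= r[i].first && port <= r[i].last)
            return 1;
    return 0;
}
```

With the exact-match model, covering every port takes 65535 list entries; with the range model, the default stays at 443 and 563 unless a range is configured.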