On 21 Aug 1996 07:22:27 +0200 in en.lists.apache-new-httpd you wrote:
> Ralf S. Engelschall said:
> > 2. Place the following directives to before all other Alias, ScripAlias
> > or RewriteRule directives (assuming that your domain is "domain.com" and
> > the sales people operate from Subnet 1.2.3.0):
> >
> > RewriteEngine On
> > RewriteCond %{REMOTE_ADDR} ^1\.2\.3\.[0-9]+$
> > RewriteRule !^http://[^/.]+\.domain.com/.* - [F]
> >
> > This should block all proxy access to URIs outside your domain for people
> > on subnet 1.2.3.0!
> Nope, didn't work. :(
Hmmm... I tested it now in real world: Apache 1.1.1 and mod_rewrite
v2.2-SNAP. I allways got permission denied. BUT: This was caused because of
the old (and still fixed in 1.2-dev) problem with mod_negotiation.c and the
"proxy:.." URLs. After patching this file with
if (r->proxyreq)
return;
the above really works! When I tried some of my own domain, it runs through
the proxy, when I request any other URIs, then I get "permission denied",
caused by mod_rewrite!
I think you have tried it with 1.1.1 with the mod_negotiation patch and so
always got permission denied. But from two different sources...
Greetings,
Ralf S. Engelschall
rse@engelschall.com
http://www.engelschall.com/~rse
|