Date: Wed, 21 Aug 1996 09:45:17 +0200
From: "Ralf S. Engelschall" <rse@en.muc.de>
Message-Id: <199608210745.AA14917@en.muc.de>
To: new-httpd@hyperreal.com
Subject: Re: proxy server
Newsgroups: en.lists.apache-new-httpd
Organization: Engelschall (EN) Privat, Dachau/Munich, Germany
Sender: owner-new-httpd@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

On 21 Aug 1996 07:22:27 +0200 in en.lists.apache-new-httpd you wrote:

> Ralf S. Engelschall said:
> > 2. Place the following directives to before all other Alias, ScripAlias 
> >    or RewriteRule directives (assuming that your domain is "domain.com" and
> >    the sales people operate from Subnet 1.2.3.0):
> > 
> >      RewriteEngine  On
> >      RewriteCond    %{REMOTE_ADDR}  ^1\.2\.3\.[0-9]+$
> >      RewriteRule    !^http://[^/.]+\.domain.com/.*  -  [F]
> > 
> >    This should block all proxy access to URIs outside your domain for people
> >    on subnet 1.2.3.0!

> Nope, didn't work. :( 

Hmmm... I tested it now in real world: Apache 1.1.1 and mod_rewrite
v2.2-SNAP. I allways got permission denied. BUT: This was caused because of
the old (and still fixed in 1.2-dev) problem with mod_negotiation.c and the
"proxy:.." URLs. After patching this file with
    if (r->proxyreq)
        return;
the above really works! When I tried some of my own domain, it runs through
the proxy, when I request any other URIs, then I get "permission denied",
caused by mod_rewrite!

I think you have tried it with 1.1.1 with the mod_negotiation patch and so
always got permission denied. But from two different sources...

Greetings,
                                        Ralf S. Engelschall    
                                        rse@engelschall.com
                                        http://www.engelschall.com/~rse