httpd-users mailing list archives

From Timothy Stone <>
Subject Re: [users@httpd] Writing ProxyBlock dynamically...anybody doing it?
Date Wed, 06 Aug 2003 12:44:55 GMT
Joshua Slive wrote:
> On Tue, 5 Aug 2003, Timothy Stone wrote:
>>This is an interesting suggestion! Thank you for the reply. However, at
>>this time I cannot get it to work.
>>Add directives to httpd.conf:     check
>>Restart Apache:                   check
>>Set client to use proxy:          check
>>Go to "":  check, test page served
>>Go to "": fail, test page served
> Hmmm... I thought you wanted the reverse.  Perhaps you should be more
> clear on exactly what you are trying to block.
> I'd start by making sure that <Proxy> sections are working for you at all.
> For example
> <Proxy *>
> Order allow,deny
> Deny from all
> </Proxy>

Works! This is identical to saying:

ProxyBlock *

The client is correctly asking the proxy for pages. Since everything is 
blocked I get the "403 Forbidden" page as expected.

>... If that works, then I'd try something like:
> <ProxyMatch ^(?!*$>
> Order allow,deny
> Deny from all
> </ProxyMatch>

This unfortunately does not work. :( Again, I tried a number of 
permutations on this regular expression.

What I have done is turned on ProxyRequests:

ProxyRequests on

Added your sample ProxyMatch block:

<ProxyMatch ^(?!*$>
     Order allow,deny
     Deny from all
</ProxyMatch>

Everything is served. Nothing gets blocked/denied. I have also /tried/ 
adding the standard Proxy lockdown just preceding your suggestion:

<Proxy *>
	Order deny,allow
	Deny from all
	allow from localhost
</Proxy>

To make sure that I wasn't forgetting something important. But removed 
it when I found that it overrides everything following it.

I'm starting to think it may be a limitation of the module, by design. 
Negated or "filtered" domains do not work. Maybe it just was never 
thought of by the developers. If I could code effectively in C/C++ I 
might submit a patch. Since I cannot...I'm seeking experienced advice or 
creative workarounds (hence the subject line).

I truly appreciate the help. It's possible that I'm barking up the right 
tree, but missing some important piece of the proxy puzzle that a more 
advanced Apache admin might catch. Thank you, thank you for the help!


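A way to check a negative-lookahead deny pattern on its own, away from mod_proxy, as an added example that is not part of the original message. Python's `re` stands in for Apache's regex engine, the host `allowed.example` and the sample URLs are constructed, and it assumes the pattern is matched against the full requested URL.

```python
import re

# Constructed placeholder: the one site the proxy should still serve.
ALLOWED_HOST = "allowed.example"

def deny_pattern(host):
    """Regex matching every proxied URL that is NOT on `host`.

    The host is escaped and must be followed by ':', '/' or end of string,
    so a longer host name that merely starts with it is still denied.
    """
    return re.compile(
        r"^(?!https?://" + re.escape(host) + r"(?:[:/]|$))", re.IGNORECASE
    )

def loose_deny_pattern(host):
    """Same idea with two common mistakes: unescaped dots, no end-of-host check."""
    return re.compile(r"^(?!https?://" + host + r")", re.IGNORECASE)

def is_denied(pattern, url):
    """True when the deny section's pattern matches the requested URL."""
    return pattern.search(url) is not None

def served(pattern, urls):
    """URLs the deny rule does not match, i.e. what the proxy would still serve."""
    return [u for u in urls if not is_denied(pattern, u)]

# Constructed sample requests.
SAMPLE_URLS = [
    "http://allowed.example/",
    "http://allowed.example:8080/x",
    "HTTP://ALLOWED.EXAMPLE/index.html",
    "http://other.test/",
    "http://other.test/?u=http://allowed.example/",  # allowed host only in query
    "http://allowed.example.other.test/",            # allowed host as a prefix
    "http://allowedXexample/",                       # '.' matched as wildcard
]

if __name__ == "__main__":
    for name, pat in (("strict", deny_pattern(ALLOWED_HOST)),
                      ("loose", loose_deny_pattern(ALLOWED_HOST))):
        print(name, pat.pattern)
        for url in SAMPLE_URLS:
            print("   ", "DENY " if is_denied(pat, url) else "SERVE", url)
```

If the strict pattern selects the right URLs here and the proxy still serves everything, the regex is not the problem and the configuration around it is the next thing to examine.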