httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Timothy Stone <cityli...@petmystone.com>
Subject Re: [users@httpd] Writing ProxyBlock dynamically...anybody doing it?
Date Wed, 06 Aug 2003 12:44:55 GMT
Joshua Slive wrote:
> On Tue, 5 Aug 2003, Timothy Stone wrote:
> 
>>This is an interesting suggestion! Thank you for the reply. However, at
>>this time I cannot get it to work.
>>
>>Add directives to httpd.conf:     check
>>Restart Apache:                   check
>>Set client to use proxy:          check
>>Go to "http://www.weather.com/":  check, test page served
>>Go to "http://www.mapquest.com/": fail, test page served
> 
> 
> Hmmm... I thought you wanted the reverse.  Perhaps you should be more
> clear on exactly what you are trying to block.
> 
> I'd start by making sure that <Proxy> sections are working for you at all.
> For example
> 
> <Proxy *>
> Order allow,deny
> Deny from all
> </Proxy>

Works! This is identical to saying:

ProxyBlock *

The client is correctly asking the proxy for pages. Since everything is 
blocked I get the "403 Forbidden" page as expected.

>... If that works, then I'd try something like:
> 
> <ProxyMatch ^(?!http://www.mapquest.com)/.*$>
> Order allow,deny
> Deny from all
> </ProxyMatch>
> 

This unfortunately does not work. :( Again, I tried a number of 
permutations on this regular expression.

What I have done is turned on ProxyRequests:

ProxyRequests on

Added your sample ProxyMatch block:

<ProxyMatch ^(?!http://www.mapquest.com)/.*$>
     Order allow,deny
     Deny from all
</ProxyMatch>

Everything is served. Nothing gets blocked/denied. I have also /tried/ 
adding the standard Proxy lockdown just preceding your suggestion:

<Proxy *>
	Order deny,allow
	Deny from all
	allow from localhost
</Proxy>

To make sure that I wasn't forgetting something important. But removed 
it when I found that it overrides everything following it.

I'm starting to think it may be a limitation of the module, by design. 
Negated or "filtered" domains do not work. Maybe it just was never 
thought of by the developers. If I could code effectively in C/C++ I 
might submit a patch. Since I cannot...I'm seeking experienced advice or 
creative workarounds (hence the subject line).

I truly appreciate the help. It's possible that I'm barking up the right 
tree, but missing some important piece of the proxy puzzle that a more 
advanced apache admin might catch. Thank you, thank you for the help!

Tim



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message