httpd-users mailing list archives

From "Sebastian Reitenbach" <reitenb...@rapideye.de>
Subject RE: [users@httpd] only allowing specific hosts via https proxy
Date Wed, 01 Feb 2006 14:52:02 GMT
Hi,  
  
that helped me to do what I wanted. Now my apache configuration looks like 
this: 
  
<ProxyMatch ".*"> 
        deny from all 
</ProxyMatch> 
 
<ProxyMatch "^www.trustedhost1.com|^www.trustedhost2.com|http://.*|ftp://.*"> 
        allow from all 
        SetOutputFilter     CLAMAV 
</ProxyMatch> 
 
allows me to access some trusted ssl hosts and all other ftp and http traffic 
is filtered via clamav. 
 
thanks a lot. 
 
kind regards 
Sebastian 
 
 
Axel-Stéphane SMORGRAV <Axel-Stephane.SMORGRAV@europe.adp.com> wrote:
> The thing is that the URL requested by the CONNECT method is not prefixed
> with http://. Therefore, <ProxyMatch "^https"> will never match anything
> unless the host name is https.
>
> The following will disallow access to http://www.forbidden.com/ (which
> translates into "GET http://www.forbidden.com/") but allow anything else
> whether http or https.
>   
>    <ProxyMatch "^http://www.forbidden.com">  
>         deny from all  
>    </ProxyMatch>  
>   
> The following will disallow https://www.forbidden.com (which translates into
> "CONNECT www.forbidden.com") but allow anything else...
>   
>    <ProxyMatch "^www.forbidden.com">  
>         deny from all  
>    </ProxyMatch>  
>   
> -ascs  
>   
> -----Original Message-----  
> From: Sebastian Reitenbach [mailto:reitenbach@rapideye.de]   
> Sent: Wednesday, February 01, 2006 12:58 PM  
> To: users@httpd.apache.org  
> Subject: RE: [users@httpd] only allowing specific hosts via https proxy  
>   
> Hi,    
>     
> Axel-Stéphane SMORGRAV <Axel-Stephane.SMORGRAV@europe.adp.com> wrote:
> > Do you have both proxymatch blocks in the same configuration ??    
> >     
>     
>     
> no, I tested with the first ProxyMatch, and the http site was blocked, then
> I added the s to the http and restarted apache. And I was able to retrieve the
> https site.
>    
>    
>     
> >       
> > The following will block all traffic to e.g. http://www.ccc.de      
> > <ProxyMatch "http.*.ccc.de.*">      
> >         order deny,allow      
> >         deny from all      
> >         allow from none      
> > </ProxyMatch>      
> >       
> > But the following will not block traffic to e.g. https://www.ccc.de
> > <ProxyMatch "https.*.ccc.de.*">
> >         order deny,allow      
> >         deny from all      
> >         allow from none      
> > </ProxyMatch>      
> >       
>     
> kind regards   
> sebastian     
>     
>   
>   
> ---------------------------------------------------------------------  
> The official User-To-User support forum of the Apache HTTP Server Project.  
> See <URL:http://httpd.apache.org/userslist.html> for more info.  
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org  
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org  
> For additional commands, e-mail: users-help@httpd.apache.org  
>   
>   
>   
  
--   
Sebastian Reitenbach            Tel.: ++49-(0)3381-8904-305      
RapidEye AG                     Fax: ++49-(0)3381-8904-101      
Friedrich-Franz-Str. 19         e-mail:reitenbach@rapideye.de       
D-14770 Brandenburg             web:http://www.rapideye.de 
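
The matching behaviour discussed in this thread, as an added example that is not part of either poster's message: Python's `re` stands in for Apache's regex engine, the request lines are constructed, and `STRICT_ALLOW` is a hypothetical tightened pattern that assumes CONNECT targets arrive as `host:port`. It goes one step beyond the thread by showing that the unescaped, prefix-only host patterns also match look-alike host names.

```python
import re

# Patterns quoted from the thread.
PATTERNS = {
    "http_deny": r"http.*.ccc.de.*",
    "https_deny": r"https.*.ccc.de.*",
    "thread_allow": r"^www.trustedhost1.com|^www.trustedhost2.com|http://.*|ftp://.*",
    # Hypothetical tightened allow pattern (not from the thread): dots escaped,
    # CONNECT hosts anchored at both ends and pinned to port 443.
    "strict_allow": r"^www\.trustedhost[12]\.com:443$|^http://|^ftp://",
}

# Constructed request lines, as a forward proxy receives them.
SAMPLE_REQUESTS = [
    "GET http://www.ccc.de/ HTTP/1.1",
    "CONNECT www.ccc.de:443 HTTP/1.1",
    "CONNECT www.trustedhost1.com:443 HTTP/1.1",
    "CONNECT www.untrusted.example:443 HTTP/1.1",
    "CONNECT www.trustedhost1.com.other.example:443 HTTP/1.1",
]


def match_target(request_line):
    """Return the string a <ProxyMatch> regex is tested against.

    A proxied GET carries the absolute URL (scheme included); CONNECT
    carries only host:port, so no scheme is available to match on.
    """
    _method, target, _version = request_line.split()
    return target


def evaluate(request_line):
    """Map each pattern name to True if its section would apply."""
    target = match_target(request_line)
    # Unanchored search: "^" and "$" only take effect where written.
    return {name: re.search(rx, target) is not None
            for name, rx in PATTERNS.items()}


if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        hits = [name for name, hit in evaluate(line).items() if hit]
        print(f"{line:58} -> {', '.join(hits) or 'no section matches'}")
```
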

