Hi,
that helped me to do what I wanted. Now my apache configuration looks like
this:
<ProxyMatch ".*">
deny from all
</ProxyMatch>
<ProxyMatch "^www.trustedhost1.com|^www.trustedhost2.com|http://.*|ftp://.*">
allow from all
SetOutputFilter CLAMAV
</ProxyMatch>
allows me to access some trusted ssl hosts and all other ftp and http traffic
is filtered via clamav.
thanks a lot.
kind regards
Sebastian
Axel-Stéphane__SMORGRAV <Axel-Stephane.SMORGRAV@europe.adp.com> wrote:
> The thing is that the URL requested by the CONNECT method is not prefixed
with http://. Therefore, <ProxyMatch "^https"> will never match anything
unless the host name is https.
>
> The following wil disallow access to http://www.forbidden.com/ (which
translates into "GET http://www.forbidden.com/") but allow anything else
whether http or https.
>
> <ProxyMatch "^http://www.forbidden.com">
> deny from all
> </ProxyMatch>
>
> The following will disallow https://www.forbidden.com (which translates into
"CONNECT www.forbidden.com") but allow anything else...
>
> <ProxyMatch "^www.forbidden.com">
> deny from all
> </ProxyMatch>
>
> -ascs
>
> -----Original Message-----
> From: Sebastian Reitenbach [mailto:reitenbach@rapideye.de]
> Sent: Wednesday, February 01, 2006 12:58 PM
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] only allowing specific hosts via https proxy
>
> Hi,
>
> Axel-Stéphane__SMORGRAV <Axel-Stephane.SMORGRAV@europe.adp.com> wrote:
> > Do you have both proxymatch blocks in the same configuration ??
> >
>
>
> no, I tested with the first ProxyMatch, and the http site was blocked, then
I added the s to the http and restarted apache. And I was able to retrieve the
https site.
>
>
>
> >
> > The following will block all traffic to e.g. http://www.ccc.de
> > <ProxyMatch "http.*.ccc.de.*">
> > order deny,allow
> > deny from all
> > allow from none
> > </ProxyMatch>
> >
> > But the following will not block traffic to e.g. https://www.ccc.de >
<ProxyMatch "https.*.ccc.de.*">
> > order deny,allow
> > deny from all
> > allow from none
> > </ProxyMatch>
> >
>
> kind regards
> sebastian
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
--
Sebastian Reitenbach Tel.: ++49-(0)3381-8904-305
RapidEye AG Fax: ++49-(0)3381-8904-101
Friedrich-Franz-Str. 19 e-mail:reitenbach@rapideye.de
D-14770 Brandenburg web:http://www.rapideye.de
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
|