httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Axel-St├ęphane SMORGRAV <Axel-Stephane.SMORG...@europe.adp.com>
Subject RE: [users@httpd] only allowing specific hosts via https proxy
Date Wed, 01 Feb 2006 11:51:27 GMT
Do you have both proxymatch blocks in the same configuration ??

-ascs 

-----Original Message-----
From: Sebastian Reitenbach [mailto:reitenbach@rapideye.de] 
Sent: Wednesday, February 01, 2006 10:41 AM
To: users@httpd.apache.org
Subject: [users@httpd] only allowing specific hosts via https proxy

Hi,  
  
I am trying to do the following with the apache proxy module:  
  
I want to use apache proxy module for http, ftp and https (for some special  
trusted hosts) and redirect it to mod_clamav.  
  
This works very well for http and ftp. scanning https does not work, therefore  
I want to setup a whitelist of trusted https hosts.  
  
The AllowCONNECT statement only allows to define allowed ports, therefore  
useless.  
  
The ProxyBlock is generally useful to block unwanted content, to setup a  
blacklist. so far so good, but not useful for my case.  
  
Then I thought the <Proxy > or <ProxyMatch > containers would do the trick,  
but it does not seem to be that case.  
  
The following will block all traffic to e.g. http://www.ccc.de  
<ProxyMatch "http.*.ccc.de.*">  
        order deny,allow  
        deny from all  
        allow from none  
</ProxyMatch>  
  
But the following will not block traffic to e.g. https://www.ccc.de  
<ProxyMatch "https.*.ccc.de.*">  
        order deny,allow  
        deny from all  
        allow from none  
</ProxyMatch>  
  
I also tried the same with the <Proxy> container, but got the same result. 
 
Is there a way to only allow https connections to some given specific hosts? 
  
  
I am using SuSE 9.3 and the apache2-2.0.53-9.7 rpm of my distribution.  
  
kind regards 
Sebastian 
  


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message