httpd-users mailing list archives

From "Foster, Stephen (ASPIRE)" <>
Subject [users@httpd] Securing forward proxy for CONNECT
Date Thu, 16 Jul 2009 17:13:19 GMT
Hi there,


I am using Apache to proxy HTTPS requests to a remote server using the
AllowCONNECT method and am using ProxyRemote to send everything. What I
really need to do is limit what the proxy will send, but everything I try
is not giving me what I want.


Client issues the request for
after setting their browser proxy settings to my proxy server.


Which is fine and gets proxied using the CONNECT method, but if the
browser issues any other request, e.g. hourly RSS get, different homepage
on startup etc., then these all get sent to the proxy and onwards. This
is okay but I want the proxy to stop these requests unless they match
the URI specified.


My current config is as follows:


ProxyRequests On
ProxyTimeout 60

<Proxy *>
Order Allow,Deny
Allow from all
</Proxy>

ProxyPass /server-status !

ProxyRemote * http://a.n.otherproxy:8080
AllowCONNECT 8444


I have tried using mod_setenvif to set access control, e.g.:

SetEnvIf Request_URI ^/URL/* let_me_in

<Proxy *>
Order Deny,Allow
Deny from all
Allow from env=let_me_in
</Proxy>



However this only seems to work on straight HTTP calls and not on the
CONNECT method.


Any ideas?




