www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mar...@hyperreal.com
Subject mod_proxy/271: Access control for proxy does not work.
Date Thu, 27 Mar 1997 16:40:02 GMT

>Number:         271
>Category:       mod_proxy
>Synopsis:       Access control for proxy does not work.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Mar 27 08:40:01 1997
>Originator:     Martin.Kraemer@Mch.SNI.De
>Organization:
apache
>Release:        1.2b8-dev
>Environment:
SVR4-intel
>Description:
I'm using apache with the mod_proxy module and the following access control(s):          
                                                                     
                                                          
<IfModule mod_proxy.c>                                                          
<Directory proxy:*>                                                             
order deny,allow                                                                
deny from all                                                                   
allow from 127.0.0.1 139.25.113.10 192.168.123.1                                
#allow from 139.25.112.104                                                      
</Directory>                                                                    
</IfModule>                                                                      

Then I try to access http://www.geocities.com/ from the host 139.25.112.104              
                                       
and get (correctly):

[Thu Mar 27 17:06:54 1997] access to proxy:http://www.geocities.com/ failed for pgtd0119,
reason: Client denied by server configuration
pgtd0119 unknown - [27/Mar/1997:17:16:42 +0100] "GET http://www.geocities.com/ HTTP/1.0" 403
1089

But when I send a second request http://www.geocities.com/foo.bar
then the server passes the request to www.geocities.com, i.e., 
it performs the proxy service that should be disallowed:

pgtd0119 unknown - [27/Mar/1997:17:16:53 +0100] "GET http://www.geocities.com/foo.bar HTTP/1.0"
404 1064                                                      
                                                          
BTW: It would be nice if proxy (or any) access could be limited on host+path             
                                            
level, not just host level.
>How-To-Repeat:
See above.
>Fix:

>Audit-Trail:
>Unformatted:

Kraemer <Martin.Kraemer@Mch.SNI.De>
Reply-To: Martin.Kraemer@Mch.SNI.De
X-send-pr-version: 3.2



Mime
View raw message