Received: by taz.hyperreal.com (8.8.4/V2.0) id IAA24228;
 Thu, 27 Mar 1997 08:40:06 -0800 (PST)
Received: by taz.hyperreal.com (8.8.4/V2.0) id IAA24143;
 Thu, 27 Mar 1997 08:40:02 -0800 (PST)
Date: Thu, 27 Mar 1997 08:40:02 -0800 (PST)
Message-Id: <199703271640.IAA24143@taz.hyperreal.com>
From: Martin@hyperreal.com
Reply-To: Martin@hyperreal.com
To: apache-bugdb@apache.org
Cc: apache-bugdb@apache.org
Subject: mod_proxy/271: Access control for proxy does not work.
In-Reply-To: Your message of Thu, 27 Mar 1997 08:37:26 -0800 (PST)
	<199703271637.IAA23293@taz.hyperreal.com>
Sender: apache-bugdb-owner@apache.org
Precedence: bulk


>Number:         271
>Category:       mod_proxy
>Synopsis:       Access control for proxy does not work.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Mar 27 08:40:01 1997
>Originator:     Martin.Kraemer@Mch.SNI.De
>Organization:
apache
>Release:        1.2b8-dev
>Environment:
SVR4-intel
>Description:
I'm using apache with the mod_proxy module and the following access control(s):                                                                                
                                                          
<IfModule mod_proxy.c>                                                          
<Directory proxy:*>                                                             
order deny,allow                                                                
deny from all                                                                   
allow from 127.0.0.1 139.25.113.10 192.168.123.1                                
#allow from 139.25.112.104                                                      
</Directory>                                                                    
</IfModule>                                                                      

Then I try to access http://www.geocities.com/ from the host 139.25.112.104                                                      
and get (correctly):

[Thu Mar 27 17:06:54 1997] access to proxy:http://www.geocities.com/ failed for pgtd0119, reason: Client denied by server configuration
pgtd0119 unknown - [27/Mar/1997:17:16:42 +0100] "GET http://www.geocities.com/ HTTP/1.0" 403 1089

But when I send a second request http://www.geocities.com/foo.bar
then the server passes the request to www.geocities.com, i.e., 
it performs the proxy service that should be disallowed:

pgtd0119 unknown - [27/Mar/1997:17:16:53 +0100] "GET http://www.geocities.com/foo.bar HTTP/1.0" 404 1064                                                      
                                                          
BTW: It would be nice if proxy (or any) access could be limited on host+path                                                          
level, not just host level.
>How-To-Repeat:
See above.
>Fix:

>Audit-Trail:
>Unformatted:

Kraemer <Martin.Kraemer@Mch.SNI.De>
Reply-To: Martin.Kraemer@Mch.SNI.De
X-send-pr-version: 3.2