You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Jim Jagielski <ji...@jaguNET.com> on 2002/05/28 18:47:17 UTC

mod_proxy and PR 10246 for 1.3.25

Looks interesting and useful... should we fold into 1.3 (and 2.0)?
-- 
===========================================================================
   Jim Jagielski   [|]   jim@jaguNET.com   [|]   http://www.jaguNET.com/
      "A society that will trade a little liberty for a little order
             will lose both and deserve neither" - T.Jefferson

Re: mod_proxy and PR 10246 for 1.3.25

Posted by Martin Kraemer <Ma...@Fujitsu-Siemens.com>.

On Tue, May 28, 2002 at 12:47:17PM -0400, Jim Jagielski wrote:
> Looks interesting and useful... should we fold into 1.3 (and 2.0)?

+1 (untested)

   Martin
-- 
<Ma...@Fujitsu-Siemens.com>         |     Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany

Re: mod_proxy and PR 10246 for 1.3.25

Posted by Martin Kraemer <Ma...@Fujitsu-Siemens.com>.

On Tue, May 28, 2002 at 12:47:17PM -0400, Jim Jagielski wrote:
> Looks interesting and useful... should we fold into 1.3 (and 2.0)?

Second thoughts:

* it would be nice if this functionality could be folded into AllowCONNECT.

  - AllowConnect currently accepts only ports (thus a misnomer,
    a better name might have been AllowConnectPorts).

  - I imagine an
    > "AllowConnect *:443"      to allow just this port, to any IP
    > "AllowConnect hostname:*" to allow connect to "hostname", but any port
    > "AllowConnect *"          to undo the builtin 443 & 563 limit
                                and allow connections to any port
                                (is that a good idea?)
    > "AllowConnect *:*"        any IP, any port
    > "AllowConnect a.b.c.d:443 d.e.f.g:8443 ..." to allow connections
                                to the hosts in the list

* Also, the C++ comments must be changed to C comments

* an update for the manual must be written

* it must be tested.

The current patch compiles fine, and works, but makes "access control"
overly complex (which it already was in the proxy anyways).
For example, I have:

  ProxyConnAllow 139.25.72.3 172.25.124.236 
  AllowCONNECT   443 8443 8100

I only _want_ some of these pairs to work, and forbid others (like:
139.25.72.3:443 and 172.25.124.236:8443 are Ok, but 172.25.124.236:443 isn't)
The current patch doesn't allow for this.
Also, it adds another new directive to mod_proxy...

Don't know what to suggest for 1.3.25 -- I'm going on vacation from 02-Jun
thru 19-Jun and cannot help much.

   Martin
-- 
<Ma...@Fujitsu-Siemens.com>         |     Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany