You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Jim Jagielski <ji...@jaguNET.com> on 2002/05/28 18:47:17 UTC
mod_proxy and PR 10246 for 1.3.25
Looks interesting and useful... should we fold into 1.3 (and 2.0)?
--
===========================================================================
Jim Jagielski [|] jim@jaguNET.com [|] http://www.jaguNET.com/
"A society that will trade a little liberty for a little order
will lose both and deserve neither" - T.Jefferson
Re: mod_proxy and PR 10246 for 1.3.25
Posted by Martin Kraemer <Ma...@Fujitsu-Siemens.com>.
On Tue, May 28, 2002 at 12:47:17PM -0400, Jim Jagielski wrote:
> Looks interesting and useful... should we fold into 1.3 (and 2.0)?
+1 (untested)
Martin
--
<Ma...@Fujitsu-Siemens.com> | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany
Re: mod_proxy and PR 10246 for 1.3.25
Posted by Martin Kraemer <Ma...@Fujitsu-Siemens.com>.
On Tue, May 28, 2002 at 12:47:17PM -0400, Jim Jagielski wrote:
> Looks interesting and useful... should we fold into 1.3 (and 2.0)?
Second thoughts:
* it would be nice if this functionality could be folded into AllowCONNECT.
- AllowConnect currently accepts only ports (thus a misnomer,
a better name might have been AllowConnectPorts).
- I imagine an
> "AllowConnect *:443" to allow just this port, to any IP
> "AllowConnect hostname:*" to allow connect to "hostname", but any port
> "AllowConnect *" to undo the builtin 443 & 563 limit
and allow connections to any port
(is that a good idea?)
> "AllowConnect *:*" any IP, any port
> "AllowConnect a.b.c.d:443 d.e.f.g:8443 ..." to allow connections
to the hosts in the list
* Also, the C++ comments must be changed to C comments
* an update for the manual must be written
* it must be tested.
The current patch compiles fine, and works, but makes "access control"
overly complex (which it already was in the proxy anyways).
For example, I have:
ProxyConnAllow 139.25.72.3 172.25.124.236
AllowCONNECT 443 8443 8100
I only _want_ some of these pairs to work, and forbid others (like:
139.25.72.3:443 and 172.25.124.236:8443 are Ok, but 172.25.124.236:443 isn't)
The current patch doesn't allow for this.
Also, it adds another new directive to mod_proxy...
Don't know what to suggest for 1.3.25 -- I'm going on vacation from 02-Jun
thru 19-Jun and cannot help much.
Martin
--
<Ma...@Fujitsu-Siemens.com> | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany