You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Mario François Jauvin <ma...@mfjassociates.homeip.net> on 2005/08/16 01:46:47 UTC
[users@httpd] RE: Mod_proxy https question
Joost,
Your comment provided me with a solution. What I was doing was as follow. I would deny all access, then I would allow specific sites using config directives like:
<Proxy http://*.microsoft.com>
This would have the effect of only allowing HTTP protocol with sites in the *.microsoft.com domain. Instead of denying all access using the following:
<Proxy *>
Order deny,allow
Deny from all
</Proxy>
I now disallow access for HTTP protocol with the following:
<Proxy http://*>
Order deny,allow
Deny from all
</Proxy>
This still leaves access to allowing proxy for HTTPS protocol and I can continu limiting specifically what is allowed for the HTTP protocol as before.
Thank you.
-----Original Message-----
From: Joost de Heer [mailto:sanguis@xs4all.nl]
Sent: August 15, 2005 8:09
To: Mario François Jauvin
Subject: RE: Mod_proxy https question
I've been thinking a bit more:
>> <Proxy https://*.passport.com/*>
>> Order deny,allow
>> Deny from all
>> Allow from 10.0.0
>> </Proxy>
>
>> This does not allow clients from subnet 10.0.0 to obtain pages from any
>> SSL URL at passport.com.
Because the connection arrives in an encrypted state for the proxy, so
Apache never sees the destination URL.
Joost
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org