Posted to apache-bugdb@apache.org by Ma...@hyperreal.com on 1997/03/27 17:40:02 UTC
mod_proxy/271: Access control for proxy does not work.
>Number: 271
>Category: mod_proxy
>Synopsis: Access control for proxy does not work.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: apache (Apache HTTP Project)
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Thu Mar 27 08:40:01 1997
>Originator: Martin.Kraemer@Mch.SNI.De
>Organization:
apache
>Release: 1.2b8-dev
>Environment:
SVR4-intel
>Description:
I'm using apache with the mod_proxy module and the following access control(s):
<IfModule mod_proxy.c>
<Directory proxy:*>
order deny,allow
deny from all
allow from 127.0.0.1 139.25.113.10 192.168.123.1
#allow from 139.25.112.104
</Directory>
</IfModule>
Then I try to access http://www.geocities.com/ from the host 139.25.112.104
and get (correctly):
[Thu Mar 27 17:06:54 1997] access to proxy:http://www.geocities.com/ failed for pgtd0119, reason: Client denied by server configuration
pgtd0119 unknown - [27/Mar/1997:17:16:42 +0100] "GET http://www.geocities.com/ HTTP/1.0" 403 1089
But when I send a second request http://www.geocities.com/foo.bar
then the server passes the request to www.geocities.com, i.e.,
it performs the proxy service that should be disallowed:
pgtd0119 unknown - [27/Mar/1997:17:16:53 +0100] "GET http://www.geocities.com/foo.bar HTTP/1.0" 404 1064
BTW: It would be nice if proxy (or any) access could be limited on host+path
level, not just host level.
>How-To-Repeat:
See above.
>Fix:
>Audit-Trail:
>Unformatted:
Kraemer <Ma...@Mch.SNI.De>
Reply-To: Martin.Kraemer@Mch.SNI.De
X-send-pr-version: 3.2
Re: mod_proxy/271: Access control for proxy does not work.
Posted by Chuck Murcko <ch...@topsail.org>.
Martin, there was a typo in the proxy docs:
<IfModule mod_proxy.c>
<Directory proxy:*>
<Limit GET>
order deny,allow
deny from all
allow from 127.0.0.1 139.25.113.10 192.168.123.1
#allow from 139.25.112.104
</Limit>
</Directory>
</IfModule>
does work, and the docs are corrected.
Martin@hyperreal.com wrote:
>
> >Number: 271
> >Category: mod_proxy
> >Synopsis: Access control for proxy does not work.
> >Confidential: no
> >Severity: serious
> >Priority: medium
> >Responsible: apache (Apache HTTP Project)
> >State: open
> >Class: sw-bug
> >Submitter-Id: apache
> >Arrival-Date: Thu Mar 27 08:40:01 1997
> >Originator: Martin.Kraemer@Mch.SNI.De
> >Organization:
> apache
> >Release: 1.2b8-dev
> >Environment:
> SVR4-intel
> >Description:
> I'm using apache with the mod_proxy module and the following access control(s):
>
> <IfModule mod_proxy.c>
> <Directory proxy:*>
> order deny,allow
> deny from all
> allow from 127.0.0.1 139.25.113.10 192.168.123.1
> #allow from 139.25.112.104
> </Directory>
> </IfModule>
>
> Then I try to access http://www.geocities.com/ from the host 139.25.112.104
> and get (correctly):
>
> [Thu Mar 27 17:06:54 1997] access to proxy:http://www.geocities.com/ failed for pgtd0119, reason: Client denied by server configuration
> pgtd0119 unknown - [27/Mar/1997:17:16:42 +0100] "GET http://www.geocities.com/ HTTP/1.0" 403 1089
>
> But when I send a second request http://www.geocities.com/foo.bar
> then the server passes the request to www.geocities.com, i.e.,
> it performs the proxy service that should be disallowed:
>
> pgtd0119 unknown - [27/Mar/1997:17:16:53 +0100] "GET http://www.geocities.com/foo.bar HTTP/1.0" 404 1064
>
> BTW: It would be nice if proxy (or any) access could be limited on host+path
> level, not just host level.
> >How-To-Repeat:
> See above.
> >Fix:
>
> >Audit-Trail:
> >Unformatted:
>
> Kraemer <Ma...@Mch.SNI.De>
> Reply-To: Martin.Kraemer@Mch.SNI.De
> X-send-pr-version: 3.2
--
chuck
Chuck Murcko
The Topsail Group, West Chester PA USA
chuck@topsail.org
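
An added example, not part of the original thread or of Apache: a check over access-log lines in the format quoted in the report. It lists proxy requests (absolute URI in the request line) from clients outside the allow list that were answered with anything other than 403. It assumes clients are logged under the same identifier used in the allow list; the function name and the constructed sample lines are this example's own.

```python
import re

# Common Log Format as quoted in the report:
#   host ident user [time] "method target protocol" status bytes
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)
# A forward-proxy request carries an absolute URI in the request line.
ABSOLUTE_URI = re.compile(r'^[A-Za-z][A-Za-z0-9+.-]*://')

# Clients from the "allow from" line of the report's configuration.
ALLOWED = {"127.0.0.1", "139.25.113.10", "192.168.123.1"}


def unauthorized_proxy_hits(lines, allowed=ALLOWED):
    """Return (client, method, target, status) for proxy requests from
    clients outside `allowed` that were not answered with 403."""
    hits = []
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            continue  # not an access-log line (e.g. an error-log entry)
        if not ABSOLUTE_URI.match(m["target"]):
            continue  # origin-form request, not a proxy request
        if m["client"] in allowed:
            continue  # client is on the allow list
        if m["status"] != "403":
            hits.append((m["client"], m["method"], m["target"], int(m["status"])))
    return hits


# The first two lines are the access-log entries quoted in the report;
# the remaining three are constructed for this example.
SAMPLE = [
    'pgtd0119 unknown - [27/Mar/1997:17:16:42 +0100] "GET http://www.geocities.com/ HTTP/1.0" 403 1089',
    'pgtd0119 unknown - [27/Mar/1997:17:16:53 +0100] "GET http://www.geocities.com/foo.bar HTTP/1.0" 404 1064',
    '139.25.113.10 unknown - [27/Mar/1997:17:17:10 +0100] "GET http://www.geocities.com/ HTTP/1.0" 200 5120',
    'pgtd0119 unknown - [27/Mar/1997:17:17:30 +0100] "GET /index.html HTTP/1.0" 200 2048',
    'pgtd0119 unknown - [27/Mar/1997:17:17:45 +0100] "POST http://www.geocities.com/form HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for hit in unauthorized_proxy_hits(SAMPLE):
        print(hit)
```

The check does not filter on the request method, so it also covers methods that are not listed in a `<Limit>` block.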