Posted to users@httpd.apache.org by "Foster, Stephen (ASPIRE)" <st...@hmrcaspire.com> on 2009/07/16 19:13:19 UTC

[users@httpd] Securing forward proxy for CONNECT

Hi there,

I am using Apache to proxy https requests to a remote server using the
AllowCONNECT method and am using ProxyRemote to send everything. What I
really need to do is limit what the proxy will send but everything I try
is not giving me what I want.

Client issues the request for https://www.anotherdomain.com:8444/URL
after setting their browser proxy settings to my proxy server.

Which is fine and gets proxied using the CONNECT method, but if the
browser issues any other request, e.g. hourly RSS get, different homepage
on startup etc., then these all get sent to the proxy and onwards. This
is okay but I want the proxy to stop these requests unless they match
the URI specified.

My current config is as follows:

ProxyRequests On
ProxyTimeout 60

<Proxy *>
    Order Allow,Deny
    Allow from all
</Proxy>

ProxyPass /server-status !

ProxyRemote * http://a.n.otherproxy:8080
AllowCONNECT 8444

I have tried using mod_setenvif to set access control, e.g.:

SetEnvIf Request_URI ^/URL/* let_me_in
<Proxy *>
    Order Deny,Allow
    Deny from all
    Allow from env=let_me_in
</Proxy>

However this only seems to work on straight HTTP calls and not on the
CONNECT method.

Any ideas?

Cheers

Steve
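
Added example, not part of the original post: a CONNECT request line carries only host:port (the /URL path travels later, inside the TLS tunnel), so a forward proxy can check a path only on plain HTTP requests. This sketch shows what is visible in each case and an allowlist decision built on it; the function names are hypothetical, the policy values come from the URL in the post, and the request lines are constructed.

```python
from urllib.parse import urlsplit

# Assumed policy, taken from the example URL in the post.
ALLOWED_HOST, ALLOWED_PORT, ALLOWED_PREFIX = "www.anotherdomain.com", 8444, "/URL"

def visible_target(request_line):
    """Return (method, host, port, path) as the proxy sees it; path is None for CONNECT."""
    method, target, _version = request_line.split()
    if method == "CONNECT":
        # authority-form target: "host:port" only; the path is sent later, inside TLS.
        host, _, port = target.rpartition(":")
        return method, host.lower(), int(port), None
    parts = urlsplit(target)  # absolute-form target: scheme://host[:port]/path
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return method, (parts.hostname or "").lower(), port, parts.path or "/"

def decide(request_line):
    """Allow only the configured host:port, plus the path prefix where one is visible."""
    try:
        method, host, port, path = visible_target(request_line)
    except ValueError:  # malformed request line or non-numeric port
        return "deny"
    if (host, port) != (ALLOWED_HOST, ALLOWED_PORT):
        return "deny"
    if path is None:
        return "allow"  # CONNECT: host and port are all there is to check
    ok = path == ALLOWED_PREFIX or path.startswith(ALLOWED_PREFIX + "/")
    return "allow" if ok else "deny"

# Constructed request lines, as a browser would send them to the proxy.
SAMPLES = [
    "CONNECT www.anotherdomain.com:8444 HTTP/1.1",
    "CONNECT feeds.example.org:443 HTTP/1.1",
    "GET http://feeds.example.org/rss.xml HTTP/1.1",
    "GET http://www.anotherdomain.com:8444/URL/page HTTP/1.1",
    "GET http://www.anotherdomain.com:8444/other HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{decide(line):5}  {line}")
```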

