DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=40746>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40746 Summary: Feature request: ProxyAllow directive Product: Apache httpd-2 Version: 2.0.58 Platform: Other OS/Version: Linux Status: NEW Severity: enhancement Priority: P3 Component: mod_proxy AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] My company has an Apache proxy server which is used not as a firewall, but as a whitelisted passthrough. So we need to be able to restrict incoming requests to just a selected set of servers. One of the services we will be proxying to requires the use of an HTTP CONNECT instead of the usual RewriteRule we use to select most of the other services. But the AllowCONNECT directive in the stock Apache distribution doesn't provide any way to restrict connections to certain hosts; it only restricts what ports can be connected to. The ProxyBlock directive is the closest analogue to what we need. It blocks given hosts, but allows all others. We need just the opposite: to allow given hosts, but block all others. So I created the following patch (against 2.0.59) which basically just uses the same code as ProxyBlock but reverses its meaning. If a ProxyAllow directive exists in the configuration, then all proxy targets will be blocked except for those listed. If this directive is not present, then Apache allows all target hosts by default. There are of course further improvements that could be made, but which I didn't have time to implement: a directive like Order that would specify whether to evaluate ProxyAllow before or after ProxyBlock; and a way to specify whether the ProxyBlock and ProxyAllow directives apply to only rewrite rules, AllowCONNECT, or both. (Currently these directives apply to all types of proxies. We only needed it for the AllowCONNECT directive.) -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
