Index: modules/proxy/mod_proxy_connect.c
===================================================================
--- modules/proxy/mod_proxy_connect.c (revision 1932327)
+++ modules/proxy/mod_proxy_connect.c (working copy)
@@ -48,6 +48,7 @@
typedef struct {
apr_array_header_t *allowed_connect_ports;
+ int allow_none;
} connect_conf;
typedef struct {
@@ -71,6 +72,7 @@
c->allowed_connect_ports = apr_array_append(p,
base->allowed_connect_ports,
overrides->allowed_connect_ports);
+ c->allow_none = overrides->allow_none || base->allow_none;
return c;
}
@@ -90,8 +92,13 @@
char *endptr;
const char *p = arg;
+ if (!ap_cstr_casecmp(arg, "none")) {
+ conf->allow_none = 1;
+ return NULL;
+ }
+
if (!apr_isdigit(arg[0]))
- return "AllowCONNECT: port numbers must be numeric";
+ return "AllowCONNECT: port numbers must be numeric, or 'None'";
first = strtol(p, &endptr, 10);
if (*endptr == '-') {
@@ -119,6 +126,10 @@
int i;
port_range *list = (port_range *) conf->allowed_connect_ports->elts;
+ if (conf->allow_none) {
+ return 0;
+ }
+
if (apr_is_empty_array(conf->allowed_connect_ports)) {
return port == APR_URI_HTTPS_DEFAULT_PORT
|| port == APR_URI_SNEWS_DEFAULT_PORT;
Index: docs/manual/mod/mod_proxy_connect.xml
===================================================================
--- docs/manual/mod/mod_proxy_connect.xml (revision 1932327)
+++ docs/manual/mod/mod_proxy_connect.xml (working copy)
@@ -83,7 +83,7 @@
Ports that are allowed to CONNECT through the
proxy
AllowCONNECT port[-port]
-[port[-port]] ...
+[port[-port]] ... | None
AllowCONNECT 443 563
server configvirtual host
@@ -100,6 +100,9 @@
default snews port (563) are enabled. Use the
AllowCONNECT directive to override this default and
allow connections to the listed ports only.
+
+ Set the value to None to disallow
+ CONNECT requests to all ports, including the defaults.