On Friday, 3 Oct 2003 at 19:30 (Europe/Amsterdam), Graham Leggett wrote:

Stefan Kroon wrote:

I took a look into the Apache (module) sources and I think it is not too hard to add the ProxyAllow directive. But I want to ask you if you support the solution and whether you think it is useful to add the ProxyAllow directive? Maybe I can use a different solution to reach my goal?

There are three types of protocols that can be supported by proxy: ftp, http and connect. One strategy that might work for you is to use ProxyBlock to deny access to ftp and http, while not denying access to connect.


Regards,
Graham
--


Hi Graham,
Indeed I meant to use the 'connect'. This connect allows you to connect to any host on the Internet. By default it is only allowed to connect to port 80 or 443 on any not-blocked host. But when you use the AllowCONNECT directive, it is allowed to connect to any other port at any other host. You will understand that that will cause a security leak, because people can misuse this for IP spoofing. So I want to narrow the number of hosts and ports that can be accessed using the 'CONNECT' request. I want the downloaded Java applet to be able to connect to my own server application by using port 80.


Regards,
Stefan
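
The host-and-port restriction asked for in this thread, sketched as an added example; it is not Apache code and not from either poster. The function names, the ALLOWED policy and the host app.example.org are assumptions made for illustration.

```python
# Added example: default-deny allowlist for CONNECT targets (not Apache code).
# ALLOWED is a constructed policy; app.example.org is a placeholder host.
ALLOWED = {("app.example.org", 80)}


def parse_connect(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x', or None."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        return None
    authority = parts[1]
    if authority.startswith("["):            # bracketed IPv6 literal
        end = authority.find("]")
        if end == -1 or authority[end + 1:end + 2] != ":":
            return None
        host, port = authority[1:end], authority[end + 2:]
    else:
        host, sep, port = authority.rpartition(":")
        if not sep or ":" in host:           # missing port or stray colon
            return None
    if not host or not port.isascii() or not port.isdigit():
        return None
    port = int(port)
    if not 1 <= port <= 65535:
        return None
    # Normalise so 'APP.Example.ORG.' and 'app.example.org' compare equal.
    return host.lower().rstrip("."), port


def connect_allowed(request_line, allowed=ALLOWED):
    """Only exact (host, port) pairs on the list pass; all else is denied."""
    target = parse_connect(request_line)
    return target is not None and target in allowed


if __name__ == "__main__":
    # Constructed request lines, not captured traffic.
    for line in ("CONNECT app.example.org:80 HTTP/1.0",
                 "CONNECT app.example.org:25 HTTP/1.0",
                 "CONNECT other.example.net:80 HTTP/1.0"):
        print("allow" if connect_allowed(line) else "deny ", line)
```

Matching on the pair rather than on host and port separately means that opening port 80 for one host does not open it for every other host.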



