The below is based on a suggestion provided on Rici Lake of freenode's
#apache. It requires a minor patch to mod_setenvif, also below. (If anyone
might be interested in guiding me to get this patch pushed upstream, I'd
be glad to make changes, documentation expansions, etc -- or simply post
it to a more appropriate forum).
<IfModule mod_proxy.c>
ProxyRequests On
NoCache *
AllowCONNECT 55900
SetEnvIf Request_Method CONNECT deny_me
SetEnvIf Connect_Host "^demo.isgenesis.com:55900$" !deny_me
<Directory proxy:*>
<LimitExcept CONNECT>
Deny from all
</LimitExcept>
Order allow,deny
Deny from env=deny_me
Allow from all
</Directory>
</IfModule>
--- apache_1.3.33/src/modules/standard/mod_setenvif.c.orig 2004-11-20
10:59:19.000000000 -0600
+++ apache_1.3.33/src/modules/standard/mod_setenvif.c 2004-11-20
10:59:25.000000000 -0600
@@ -50,6 +50,7 @@
*
* server_addr IP address of interface on which request arrived
* (analogous to SERVER_ADDR set in ap_add_common_vars())
+ * connect_host Remote host used for CONNECT method
* remote_host Remote host name (if available)
* remote_addr Remote IP address
* request_method Request method (GET, POST, etc)
@@ -80,6 +81,7 @@
enum special {
SPECIAL_NOT,
+ SPECIAL_CONNECT_HOST,
SPECIAL_REMOTE_ADDR,
SPECIAL_REMOTE_HOST,
SPECIAL_REQUEST_URI,
@@ -219,7 +221,10 @@
}
new->features = ap_make_table(cmd->pool, 2);
- if (!strcasecmp(fname, "remote_addr")) {
+ if (!strcasecmp(fname, "connect_host")) {
+ new->special_type = SPECIAL_CONNECT_HOST;
+ }
+ else if (!strcasecmp(fname, "remote_addr")) {
new->special_type = SPECIAL_REMOTE_ADDR;
}
else if (!strcasecmp(fname, "remote_host")) {
@@ -352,6 +357,9 @@
if (b->name != last_name) {
last_name = b->name;
switch (b->special_type) {
+ case SPECIAL_CONNECT_HOST:
+ val = r->parsed_uri.hostname;
+ break;
case SPECIAL_REMOTE_ADDR:
val = r->connection->remote_ip;
break;
