Hi,
that helped me to do what I wanted. Now my apache configuration looks like
this:
<ProxyMatch ".*">
deny from all
</ProxyMatch>
<ProxyMatch "^www.trustedhost1.com|^www.trustedhost2.com|http://.*|ftp://.*";>
allow from all
SetOutputFilter CLAMAV
</ProxyMatch>
allows me to access some trusted ssl hosts and all other ftp and http traffic
is filtered via clamav.
thanks a lot.
kind regards
Sebastian
Axel-Stéphane__SMORGRAV <[EMAIL PROTECTED]> wrote:
> The thing is that the URL requested by the CONNECT method is not prefixed
with http://. Therefore, <ProxyMatch "^https"> will never match anything
unless the host name is https.
>
> The following wil disallow access to http://www.forbidden.com/ (which
translates into "GET http://www.forbidden.com/";) but allow anything else
whether http or https.
>
> <ProxyMatch "^http://www.forbidden.com";>
> deny from all
> </ProxyMatch>
>
> The following will disallow https://www.forbidden.com (which translates into
"CONNECT www.forbidden.com") but allow anything else...
>
> <ProxyMatch "^www.forbidden.com">
> deny from all
> </ProxyMatch>
>
> -ascs
>
> -----Original Message-----
> From: Sebastian Reitenbach [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 01, 2006 12:58 PM
> To: [email protected]
> Subject: RE: [EMAIL PROTECTED] only allowing specific hosts via https proxy
>
> Hi,
>
> Axel-Stéphane__SMORGRAV <[EMAIL PROTECTED]> wrote:
> > Do you have both proxymatch blocks in the same configuration ??
> >
>
>
> no, I tested with the first ProxyMatch, and the http site was blocked, then
I added the s to the http and restarted apache. And I was able to retrieve the
https site.
>
>
>
> >
> > The following will block all traffic to e.g. http://www.ccc.de
> > <ProxyMatch "http.*.ccc.de.*">
> > order deny,allow
> > deny from all
> > allow from none
> > </ProxyMatch>
> >
> > But the following will not block traffic to e.g. https://www.ccc.de >
<ProxyMatch "https.*.ccc.de.*">
> > order deny,allow
> > deny from all
> > allow from none
> > </ProxyMatch>
> >
>
> kind regards
> sebastian
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> " from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
--
Sebastian Reitenbach Tel.: ++49-(0)3381-8904-305
RapidEye AG Fax: ++49-(0)3381-8904-101
Friedrich-Franz-Str. 19 e-mail:[EMAIL PROTECTED]
D-14770 Brandenburg web:http://www.rapideye.de
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
