Apache Server configuration support - mod_proxy_connect HTTP CONNECT -- fails to limit to localhost ports only


ashis

2005-12-08, 5:59 pm

Dear folks,

I am having trouble with configuring mod_proxy_connect to limit
"AllowCONNECT port_a ... port_z" where the ports are on *localhost*
only.

I tried directives from the httpd 2.0 manual, but failed. A search of the MARC
archives/Google seems to have no close match, and now I seek your help.

The env:
Server version: Apache/2.0.53
Server built: Apr 20 2005 18:46:06
On NetBSD 1.5

My conf part:

ProxyRequests On
ProxyVia On
<Proxy *> //please see below other directives I tried but failed
Order deny,allow
Allow from all
</Proxy>
Noproxy 192.168.167.106
AllowCONNECT 23 3082 3083

Base problem (#1) is that I want to allow connections to ports on
localhost only, and NOT to ports on other remote hosts, as that is a
security hole in my case.

Also even if I wanted (problem#2), I do not find a way to make
(remote-)host-specific AllowCONNECT. Do I have a way?

(I generate my conf at runtime to match my application port#, and other
remote hosts do not necessarily have the same port#.)

Here is how I test, and note that I am able to make connection to
192.168.167.113 port 23, which I do not want to happen when trying the
proxy on 192.168.167.106 httpd.

$ telnet 192.168.167.106 80
Trying 192.168.167.106...
Connected to x.int.y.com.
Escape character is '^]'.
CONNECT 192.168.167.113:23 HTTP/1.1 //I write this
Host: 192.168.167.113:23 //I write this
//I write this, another linefeed
HTTP/1.0 200 Connection Established
Proxy-agent: Apache/2.0.53 (Unix) mod_ssl/2.0.53 OpenSSL/0.9.6m DAV/2



MyBoxXXX(YYY) booted Sat Dec 3 02:37:23 PST 2005, up for 82:20:23
//connected!! It should fail!

------------I tried these directives--------
ProxyBlock * // connects to none
Noproxy // connects to none
ProxyVia off //no change
<Proxy localhost > //connects to everything

<Proxy *> //of course i don't want that, connects to all.

The following had same outcome.

<Proxy localhost.localdomain>
<Proxy localhost.localdomain:80>
<Proxy http://localhost.localdomain:80>

<ProxyMatch http://localhost*>
<ProxyMatch http://localhost.*>
<ProxyMatch localhost.localdomain.*>
<ProxyMatch localhost.localdomain:80.*>
<ProxyMatch http://localhost.localdomain:80.*>

There could be some directive/regex to solve this problem which I
possibly fail to understand. As a solution, my preference would be
a. no regex at all
b. use "localhost" in regex
c. use IP address in regex

I really appreciate any solution, including any kind response. Regards,

Ashis
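
Added example, not part of the original thread: a repeatable version of the manual telnet check above, which sends the same CONNECT request through the proxy and reports both failure modes the post describes (a tunnel to a non-localhost target, and "connects to none"). The policy constants, function names and the `localhost:22` target are assumptions made for illustration; the proxy address, remote target and ports are taken from the post.

```python
import socket
# Constructed policy from the post: tunnels only to localhost on the AllowCONNECT ports.
ALLOWED_HOSTS = {"localhost", "127.0.0.1"}
ALLOWED_PORTS = {23, 3082, 3083}

def build_connect(target):
    """Raw CONNECT request, as typed in the telnet session in the post."""
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def parse_status(raw):
    """Numeric status from the proxy's first response line, or None."""
    parts = raw.split(b"\r\n", 1)[0].decode("latin-1").split()
    if len(parts) >= 2 and parts[0].startswith("HTTP/") and parts[1].isdigit():
        return int(parts[1])
    return None

def probe(proxy, target, timeout=5.0):
    """Send one CONNECT through the proxy; None means no usable reply."""
    try:
        with socket.create_connection(proxy, timeout=timeout) as s:
            s.sendall(build_connect(target))
            raw = b""
            while b"\r\n" not in raw:
                chunk = s.recv(4096)
                if not chunk:
                    break
                raw += chunk
    except OSError:
        return None
    return parse_status(raw)

def should_allow(target):
    # Split on the last colon so the port is separated from the host part.
    host, _, port = target.rpartition(":")
    return host in ALLOWED_HOSTS and port.isdigit() and int(port) in ALLOWED_PORTS

def violations(results):
    """results maps target -> status; returns outcomes that break the policy."""
    bad = []
    for target, status in sorted(results.items()):
        tunnelled = status is not None and 200 <= status < 300
        if tunnelled and not should_allow(target):
            bad.append((target, status, "unexpected tunnel"))
        elif not tunnelled and should_allow(target):
            bad.append((target, status, "blocked"))
    return bad

if __name__ == "__main__":
    targets = ["192.168.167.113:23", "localhost:23", "localhost:22"]  # last one is constructed
    print(violations({t: probe(("192.168.167.106", 80), t) for t in targets}))
```

An empty list from `violations` means the proxy tunnels only to the localhost ports in the policy; run it after every regenerated configuration.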

ashis

2005-12-15, 6:07 pm

Any help? please .......

HansH

2005-12-15, 6:07 pm

"ashis" <mandalfamily@gmail.com> wrote in message
news:1134671140.225150.149010@g44g2000cwa.googlegroups.com...
> mod_proxy_connect HTTP CONNECT --
> fails to limit to localhost ports only
> Any help? please .......
>

Any clue of what, how and why?
Sample request, expectations and results needed

HansH


ashis

2005-12-20, 6:07 pm

Please read my first posting, which has the details. Please ask questions if that
does not help. Note that your questions were not clear. Thanks,
ashis

HansH wrote:
> "ashis" <mandalfamily@gmail.com> wrote in message
> news:1134671140.225150.149010@g44g2000cwa.googlegroups.com...
> Any clue of what, how and why?
> Sample request, expectations and results needed
>
> HansH

