[mod-security-users] Restricting a forward proxy
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Restricting a forward proxy
|
From: Charles D. <cd...@sp...> - 2004-11-20 16:30:28
|
All, I wish to configure Apache to support CONNECT-based proxying to a single destination host and port only, and deny all other proxy requests (CONNECT-based and otherwise). mod_proxy, as written, appears to be too weak to allow this (no AllowProxy directive for whitelisting the single allowed target address, no obvious-to-me way to disallow all methods but CONNECT), so I'm interested in using mod_security to implement these rules. Because I have no prior experience with mod_proxy and an iffy-at-best understanding of how non-CONNECT-based HTTP/FTP-over-HTTP proxying works, I'm hesitant to try to do this on my own (given the risk of creating an open proxy both out to the world and in to my company's network). Might anyone suggest a set of configuration directives appropriate to the task? Thanks! |
