Thread: Re: [mod-security-users] Restricting a forward proxy

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

----- Original Message -----
Subject: [mod-security-users] Restricting a forward proxy
From: Charles Duffy <cd...@sp...>
>
> I wish to configure Apache to support CONNECT-based proxying to a single
> destination host and port only, and deny all other proxy requests
> (CONNECT-based and otherwise). mod_proxy, as written, appears to be too
> weak to allow this (no AllowProxy directive for whitelisting the single
> allowed target address, no obvious-to-me way to disallow all methods but
> CONNECT), so I'm interested in using mod_security to implement these
> rules.

  Perhaps you should be looking at mod_rewrite instead, since it
  is designed for that sort of stuff.

  Have a look at the rewrite guide, under the section "URL-Restricted
proxy":
  http://httpd.apache.org/docs/misc/rewriteguide.html

  Since you only want to allow one site your configuration would
  probably be simpler.

Bye,
Ivan