Apache HTTP Server Version 2.5
Description: | mod_proxy extension for
CONNECT request handling |
---|---|
Status: | Extension |
Module Identifier: | proxy_connect_module |
Source File: | mod_proxy_connect.c |
This module requires the service of mod_proxy
. It provides support for the CONNECT
HTTP method. This method is mainly used to tunnel SSL requests
through proxy servers.
Thus, in order to get the ability of handling CONNECT
requests, mod_proxy
and
mod_proxy_connect
have to be present in the server.
CONNECT is also used when the server needs to send an HTTPS request
through a forward proxy. In this case the server acts as a CONNECT client.
This functionality is part of mod_proxy
and
mod_proxy_connect
is not needed in this case.
Do not enable proxying until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.
mod_proxy_connect
creates the following request notes for
logging using the %{VARNAME}n
format in
LogFormat
or
ErrorLogFormat
:
CONNECT method requests are controlled by the
Proxy
block
as any other HTTP request going through.
SSL connections through a proxy may be filtered explicitly
by specifying the target host and port, for instance:
<Proxy www.example.com:443> Require ip 192.168.0.0/16 </Proxy>
Description: | Ports that are allowed to CONNECT through the
proxy |
---|---|
Syntax: | AllowCONNECT port[-port]
[port[-port]] ... |
Default: | AllowCONNECT 443 563 |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_proxy_connect |
Compatibility: | Moved from mod_proxy in Apache 2.3.5.
Port ranges available since Apache 2.3.7. |
The AllowCONNECT
directive specifies a list
of port numbers or ranges to which the proxy CONNECT
method
may connect. Today's browsers use this method when a https
connection is requested and proxy tunneling over HTTP is in effect.
By default, only the default https port (443
) and the
default snews port (563
) are enabled. Use the
AllowCONNECT
directive to override this default and
allow connections to the listed ports only.