Configuring a CONNECT-only, single-destination proxy

Configuring a CONNECT-only, single-destination proxy

am 20.11.2004 01:41:11 von Charles Duffy

Folks,

I'm trying to configure mod_proxy to allow connections from anywhere to a
single host and port, via the CONNECT method only, and am having quite
a bit of difficulty seeing how to do it.

Is this at all possible w/o additional development?

[SOLVED] Re: Configuring a CONNECT-only, single-destination proxy

am 20.11.2004 21:48:27 von Charles Duffy

The below is based on a suggestion provided on Rici Lake of freenode's
#apache. It requires a minor patch to mod_setenvif, also below. (If anyone
might be interested in guiding me to get this patch pushed upstream, I'd
be glad to make changes, documentation expansions, etc -- or simply post
it to a more appropriate forum).


ProxyRequests On
NoCache *
AllowCONNECT 55900

SetEnvIf Request_Method CONNECT deny_me
SetEnvIf Connect_Host "^demo.isgenesis.com:55900$" !deny_me



Deny from all

Order allow,deny
Deny from env=deny_me
Allow from all




--- apache_1.3.33/src/modules/standard/mod_setenvif.c.orig 2004-11-20 10:59:19.000000000 -0600
+++ apache_1.3.33/src/modules/standard/mod_setenvif.c 2004-11-20 10:59:25.000000000 -0600
@@ -50,6 +50,7 @@
*
* server_addr IP address of interface on which request arrived
* (analogous to SERVER_ADDR set in ap_add_common_vars())
+ * connect_host Remote host used for CONNECT method
* remote_host Remote host name (if available)
* remote_addr Remote IP address
* request_method Request method (GET, POST, etc)
@@ -80,6 +81,7 @@

enum special {
SPECIAL_NOT,
+ SPECIAL_CONNECT_HOST,
SPECIAL_REMOTE_ADDR,
SPECIAL_REMOTE_HOST,
SPECIAL_REQUEST_URI,
@@ -219,7 +221,10 @@
}
new->features = ap_make_table(cmd->pool, 2);

- if (!strcasecmp(fname, "remote_addr")) {
+ if (!strcasecmp(fname, "connect_host")) {
+ new->special_type = SPECIAL_CONNECT_HOST;
+ }
+ else if (!strcasecmp(fname, "remote_addr")) {
new->special_type = SPECIAL_REMOTE_ADDR;
}
else if (!strcasecmp(fname, "remote_host")) {
@@ -352,6 +357,9 @@
if (b->name != last_name) {
last_name = b->name;
switch (b->special_type) {
+ case SPECIAL_CONNECT_HOST:
+ val = r->parsed_uri.hostname;
+ break;
case SPECIAL_REMOTE_ADDR:
val = r->connection->remote_ip;
break;

Re: [SOLVED] Re: Configuring a CONNECT-only, single-destination proxy

am 21.11.2004 02:32:23 von wrowe

At 02:48 PM 11/20/2004, Charles Duffy wrote:
>The below is based on a suggestion provided on Rici Lake of freenode's
>#apache. It requires a minor patch to mod_setenvif, also below. (If anyone
>might be interested in guiding me to get this patch pushed upstream, I'd
>be glad to make changes, documentation expansions, etc -- or simply post
>it to a more appropriate forum).
>
>--- apache_1.3.33/src/modules/standard/mod_setenvif.c.orig 2004-11-20 10:59:19.000000000 -0600
>+++ apache_1.3.33/src/modules/standard/mod_setenvif.c 2004-11-20 10:59:25.000000000 -0600
> enum special {
> SPECIAL_NOT,
>+ SPECIAL_CONNECT_HOST,
> SPECIAL_REMOTE_ADDR,
> SPECIAL_REMOTE_HOST,
> SPECIAL_REQUEST_URI,

You realized you just renumbered every const but for SPECIAL_NOTE?
Our style recommendation is always add enum/struct members to the
end of the declaration.

Resend (with that note already fixed) to the dev@httpd.apache.org
list for consideration - modproxy-dev is somewhat dead now that
major refactoring was re-integrated into the core.

>@@ -219,7 +221,10 @@
> }
> new->features = ap_make_table(cmd->pool, 2);
>
>- if (!strcasecmp(fname, "remote_addr")) {
>+ if (!strcasecmp(fname, "connect_host")) {
>+ new->special_type = SPECIAL_CONNECT_HOST;
>+ }
>+ else if (!strcasecmp(fname, "remote_addr")) {
> new->special_type = SPECIAL_REMOTE_ADDR;
> }
> else if (!strcasecmp(fname, "remote_host")) {
>@@ -352,6 +357,9 @@
> if (b->name != last_name) {
> last_name = b->name;
> switch (b->special_type) {
>+ case SPECIAL_CONNECT_HOST:
>+ val = r->parsed_uri.hostname;
>+ break;
> case SPECIAL_REMOTE_ADDR:
> val = r->connection->remote_ip;
> break;

Re: [SOLVED] Re: Configuring a CONNECT-only, single-destination proxy

am 21.11.2004 05:47:13 von Charles Duffy

On Sat, 20 Nov 2004 19:32:23 -0600, William A. Rowe, Jr. wrote:
> You realized you just renumbered every const but for SPECIAL_NOTE?
> Our style recommendation is always add enum/struct members to the
> end of the declaration.

Ahh. I was trying to preserve the alphabetical order... patch adjusted
(with some other, naming-related changes) and sent to the referenced list.
Thanks!