On Tue, May 28, 2002 at 12:47:17PM -0400, Jim Jagielski wrote:
> Looks interesting and useful... should we fold into 1.3 (and 2.0)?

Second thoughts:

* it would be nice if this functionality could be folded into AllowCONNECT.

  - AllowConnect currently accepts only ports (thus a misnomer,
    a better name might have been AllowConnectPorts).

  - I imagine an
    > "AllowConnect *:443"      to allow just this port, to any IP
    > "AllowConnect hostname:*" to allow connect to "hostname", but any port
    > "AllowConnect *"          to undo the builtin 443 & 563 limit
                                and allow connections to any port
                                (is that a good idea?)
    > "AllowConnect *:*"        any IP, any port
    > "AllowConnect a.b.c.d:443 d.e.f.g:8443 ..." to allow connections
                                to the hosts in the list

* Also, the C++ comments must be changed to C comments

* an update for the manual must be written

* it must be tested.

The current patch compiles fine, and works, but makes "access control"
overly complex (which it already was in the proxy anyways).
For example, I have:

  ProxyConnAllow 139.25.72.3 172.25.124.236 
  AllowCONNECT   443 8443 8100

I only _want_ some of these pairs to work, and forbid others (like:
139.25.72.3:443 and 172.25.124.236:8443 are Ok, but 172.25.124.236:443 isn't)
The current patch doesn't allow for this.
Also, it adds another new directive to mod_proxy...


Don't know what to suggest for 1.3.25 -- I'm going on vacation from 02-Jun
thru 19-Jun and cannot help much.

   Martin
-- 
<[EMAIL PROTECTED]>         |     Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany
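
The host:port rule matching proposed in the message above, as an added example that is not part of the original post or the patch under discussion. The function names, the sample rule list and the reading of a bare port or bare "*" as "any host" are assumptions made for illustration; a malformed rule matches nothing and an empty list denies everything.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample rules: the pairs the message wants to permit. */
static const char *const pair_rules[] = { "139.25.72.3:443", "172.25.124.236:8443" };

/* Hypothetical helper: does one rule token permit CONNECT to host:port?
 * Accepted forms: "443", "*", "*:443", "host:*", "*:*", "host:443". */
static int rule_matches(const char *rule, const char *host, int port)
{
    const char *colon = strrchr(rule, ':');
    const char *port_part = colon ? colon + 1 : rule;
    size_t host_len = colon ? (size_t)(colon - rule) : 0, i;
    char *end;
    long p;

    /* No host part (bare port or bare "*") or "*" means any host. */
    if (colon && !(host_len == 1 && rule[0] == '*')) {
        if (strlen(host) != host_len)
            return 0;
        for (i = 0; i < host_len; i++)   /* host names compare case-insensitively */
            if (tolower((unsigned char)rule[i]) != tolower((unsigned char)host[i]))
                return 0;
    }
    if (strcmp(port_part, "*") == 0)     /* "*" means any port */
        return 1;
    p = strtol(port_part, &end, 10);
    if (end == port_part || *end != '\0' || p < 1 || p > 65535)
        return 0;                        /* malformed rule matches nothing */
    return p == port;
}

/* Hypothetical: 1 if any of the n rules permits host:port, else 0 (default deny). */
int connect_allowed(const char *const *rules, size_t n, const char *host, int port)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (rule_matches(rules[i], host, port))
            return 1;
    return 0;
}

int main(void)
{
    printf("%d %d %d\n", connect_allowed(pair_rules, 2, "139.25.72.3", 443),
           connect_allowed(pair_rules, 2, "172.25.124.236", 8443),
           connect_allowed(pair_rules, 2, "172.25.124.236", 443));
    return 0;
}
```
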
