mod_proxy_connect mod_proxy extension for CONNECT request handling Extension mod_proxy_connect.c proxy_connect_module

This module requires the service of mod_proxy. It provides support for the CONNECT HTTP method. This method is mainly used to tunnel SSL requests through proxy servers.

Thus, in order to get the ability of handling CONNECT requests, mod_proxy and mod_proxy_connect have to be present in the server.

CONNECT is also used when the server needs to send an HTTPS request through a forward proxy. In this case the server acts as a CONNECT client. This functionality is part of mod_proxy and mod_proxy_connect is not needed in this case.

Warning

Do not enable proxying until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.

mod_proxy
Request notes

mod_proxy_connect creates the following request notes for logging using the %{VARNAME}n format in LogFormat or ErrorLogFormat:

proxy-source-port
The local port used for the connection to the backend server.

CONNECT method requests are controlled by the Proxy block as any other HTTP request going through. SSL connections through a proxy may be filtered explicitly by specifying the target host and port, for instance:

<Proxy www.example.com:443> Require ip 192.168.0.0/16 </Proxy>
AllowCONNECT Ports that are allowed to CONNECT through the proxy AllowCONNECT port[-port] [port[-port]] ... AllowCONNECT 443 563 server configvirtual host Moved from mod_proxy in Apache 2.3.5. Port ranges available since Apache 2.3.7.

The AllowCONNECT directive specifies a list of port numbers or ranges to which the proxy CONNECT method may connect. Today's browsers use this method when a https connection is requested and proxy tunneling over HTTP is in effect.

By default, only the default https port (443) and the default snews port (563) are enabled. Use the AllowCONNECT directive to override this default and allow connections to the listed ports only.