1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<!--
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-->
<title>mod_proxy_connect - Apache HTTP Server Version 2.5</title>
<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
<script src="../style/scripts/prettify.min.js" type="text/javascript">
</script>
<link href="../images/favicon.ico" rel="shortcut icon" /></head>
<body>
<div id="page-header">
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
<p class="apache">Apache HTTP Server Version 2.5</p>
<img alt="" src="../images/feather.png" /></div>
<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div>
<div id="path">
<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.5</a> > <a href="./">Modules</a></div>
<div id="page-content">
<div id="preamble"><h1>Apache Module mod_proxy_connect</h1>
<div class="toplang">
<p><span>Available Languages: </span><a href="../en/mod/mod_proxy_connect.html" title="English"> en </a> |
<a href="../fr/mod/mod_proxy_connect.html" hreflang="fr" rel="alternate" title="Français"> fr </a> |
<a href="../ja/mod/mod_proxy_connect.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a></p>
</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td><code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> extension for
<code>CONNECT</code> request handling</td></tr>
<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>proxy_connect_module</td></tr>
<tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_proxy_connect.c</td></tr></table>
<h3>Summary</h3>
<p>This module <em>requires</em> the service of <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code>. It provides support for the <code>CONNECT</code>
HTTP method. This method is mainly used to tunnel SSL requests
through proxy servers.</p>
<p>Thus, in order to get the ability of handling <code>CONNECT</code>
requests, <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> and
<code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code> have to be present in the server.</p>
<p>CONNECT is also used when the server needs to send an HTTPS request
through a forward proxy. In this case the server acts as a CONNECT client.
This functionality is part of <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> and
<code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code> is not needed in this case.</p>
<div class="warning"><h3>Warning</h3>
<p>Do not enable proxying until you have <a href="mod_proxy.html#access">secured your server</a>. Open proxy
servers are dangerous both to your network and to the Internet at
large.</p>
</div>
</div>
<div id="quickview"><h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#notes">Request notes</a></li>
</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#allowconnect">AllowCONNECT</a></li>
</ul>
<h3>Bugfix checklist</h3><ul class="seealso"><li><a href="https://www.apache.org/dist/httpd/CHANGES_2.4">httpd changelog</a></li><li><a href="https://bz.apache.org/bugzilla/buglist.cgi?bug_status=__open__&list_id=144532&product=Apache%20httpd-2&query_format=specific&order=changeddate%20DESC%2Cpriority%2Cbug_severity&component=mod_proxy_connect">Known issues</a></li><li><a href="https://bz.apache.org/bugzilla/enter_bug.cgi?product=Apache%20httpd-2&component=mod_proxy_connect">Report a bug</a></li></ul><h3>See also</h3>
<ul class="seealso">
<li><code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code></li>
<li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="notes" id="notes">Request notes</a> <a title="Permanent link" href="#notes" class="permalink">¶</a></h2>
<p><code class="module"><a href="../mod/mod_proxy_connect.html">mod_proxy_connect</a></code> creates the following request notes for
logging using the <code>%{VARNAME}n</code> format in
<code class="directive"><a href="../mod/mod_log_config.html#logformat">LogFormat</a></code> or
<code class="directive"><a href="../mod/core.html#errorlogformat">ErrorLogFormat</a></code>:
</p>
<dl>
<dt>proxy-source-port</dt>
<dd>The local port used for the connection to the backend server.</dd>
</dl>
<p>CONNECT method requests are controlled by the
<code class="directive"><a href="../mod/mod_proxy.html#proxy">Proxy</a></code> block
as any other HTTP request going through.
SSL connections through a proxy may be filtered explicitly
by specifying the target host and port, for instance:
</p>
<pre class="prettyprint lang-config"><Proxy www.example.com:443>
Require ip 192.168.0.0/16
</Proxy></pre>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AllowCONNECT" id="AllowCONNECT">AllowCONNECT</a> <a name="allowconnect" id="allowconnect">Directive</a> <a title="Permanent link" href="#allowconnect" class="permalink">¶</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Ports that are allowed to <code>CONNECT</code> through the
proxy</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AllowCONNECT <var>port</var>[-<var>port</var>]
[<var>port</var>[-<var>port</var>]] ...</code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AllowCONNECT 443 563</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_proxy_connect</td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Moved from <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> in Apache 2.3.5.
Port ranges available since Apache 2.3.7.</td></tr>
</table>
<p>The <code class="directive">AllowCONNECT</code> directive specifies a list
of port numbers or ranges to which the proxy <code>CONNECT</code> method
may connect. Today's browsers use this method when a <code>https</code>
connection is requested and proxy tunneling over HTTP is in effect.</p>
<p>By default, only the default https port (<code>443</code>) and the
default snews port (<code>563</code>) are enabled. Use the
<code class="directive">AllowCONNECT</code> directive to override this default and
allow connections to the listed ports only.</p>
</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_proxy_connect.html" title="English"> en </a> |
<a href="../fr/mod/mod_proxy_connect.html" hreflang="fr" rel="alternate" title="Français"> fr </a> |
<a href="../ja/mod/mod_proxy_connect.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a></p>
</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
<script type="text/javascript"><!--//--><![CDATA[//><!--
var comments_shortname = 'httpd';
var comments_identifier = 'http://httpd.apache.org/docs/trunk/mod/mod_proxy_connect.html';
(function(w, d) {
if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
d.write('<div id="comments_thread"><\/div>');
var s = d.createElement('script');
s.type = 'text/javascript';
s.async = true;
s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
(d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
}
else {
d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
}
})(window, document);
//--><!]]></script></div><div id="footer">
<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
if (typeof(prettyPrint) !== 'undefined') {
prettyPrint();
}
//--><!]]></script>
</body></html>
|