Apache HTTP Server Version 2.4
Apache Module mod_proxy_connect
Description: | mod_proxy extension for
CONNECT request handling |
---|---|
Status: | Extension |
Module Identifier: | proxy_connect_module |
Source File: | mod_proxy_connect.c |
Summary
This module requires the service of mod_proxy
. It provides support for the CONNECT
HTTP method. This method is mainly used to tunnel SSL requests
through proxy servers.
Thus, in order to get the ability of handling CONNECT
requests, mod_proxy
and
mod_proxy_connect
have to be present in the server.
CONNECT is also used when the server needs to send an HTTPS request
through a forward proxy. In this case the server acts as a CONNECT client.
This functionality is part of mod_proxy
and
mod_proxy_connect
is not needed in this case.
Warning
Do not enable proxying until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.
Request notes
mod_proxy_connect
creates the following request notes for
logging using the %{VARNAME}n
format in
LogFormat
or
ErrorLogFormat
:
- proxy-source-port
- The local port used for the connection to the backend server.
AllowCONNECT Directive
Description: | Ports that are allowed to CONNECT through the
proxy |
---|---|
Syntax: | AllowCONNECT port[-port]
[port[-port]] ... |
Default: | AllowCONNECT 443 563 |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_proxy_connect |
Compatibility: | Moved from mod_proxy in Apache 2.3.5.
Port ranges available since Apache 2.3.7. |
The AllowCONNECT
directive specifies a list
of port numbers or ranges to which the proxy CONNECT
method
may connect. Today's browsers use this method when a https
connection is requested and proxy tunneling over HTTP is in effect.
By default, only the default https port (443
) and the
default snews port (563
) are enabled. Use the
AllowCONNECT
directive to override this default and
allow connections to the listed ports only.