Description: |
mod_proxy extension for CONNECT request handling |
---|---|
Status: | Extension |
ModuleIdentifier: | proxy_connect_module |
SourceFile: | mod_proxy_connect.c |
This module requires the service of mod_proxy
. It provides support for the CONNECT
HTTP method. This method is mainly used to tunnel SSL requests through proxy servers.
Thus, in order to get the ability of handling CONNECT
requests, mod_proxy
and mod_proxy_connect
have to be present in the server.
CONNECT is also used when the server needs to send an HTTPS request through a forward proxy. In this case the server acts as a CONNECT client. This functionality is part of mod_proxy
and mod_proxy_connect
is not needed in this case.
Warning
Do not enable proxying until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.
mod_proxy_connect
creates the following request notes for logging using the %{VARNAME}n
format in LogFormat
or ErrorLogFormat
:
Description: | Ports that are allowed to CONNECT through the proxy |
---|---|
Syntax: | AllowCONNECT port[-port] [port[-port]] ... |
Default: | AllowCONNECT 443 563 |
Context: | server config, virtual host |
Status: | Extension |
Module: | mod_proxy_connect |
Compatibility: | Moved from mod_proxy in Apache 2.3.5. Port ranges available since Apache 2.3.7. |
The AllowCONNECT
directive specifies a list of port numbers or ranges to which the proxy CONNECT
method may connect. Today's browsers use this method when a https
connection is requested and proxy tunneling over HTTP is in effect.
By default, only the default https port (443
) and the default snews port (563
) are enabled. Use the AllowCONNECT
directive to override this default and allow connections to the listed ports only.
© 2017 The Apache Software Foundation
Licensed under the Apache License, Version 2.0.
https://httpd.apache.org/docs/2.4/en/mod/mod_proxy_connect.html