[users@httpd] Configuring httpd forward proxy to restrict destinations by subnet


I have an Apache httpd v2.2 server (on CentOS 6) set up as a forward proxy to get to a DMZ in a test lab environment. It is working, but I would like to restrict destinations to specific subnets, both IPv4 and IPv6. I've searched for a solution and have not been able to find an answer.

Here is the virtualhost segment of my httpd.conf file:

<VirtualHost 10.10.10.185:8080>
  ProxyRequests On
  ProxyVia On
  ProxyBlock "10.20.30.30"
  <Proxy *>
    Order deny,allow
    Allow from 10.1.0.0/24 
    Deny from all
  </Proxy>
  ErrorLog "/var/log/httpd/proxy-error.log"
  CustomLog "/var/log/httpd/proxy-access.log" common
</VirtualHost>

The above config allows incoming connections from the 10.1.0.0/24 subnet. It does not allow connections specifically to 10.20.30.30 through the proxy. Instead of blocking that single address, I would like to specify a set of subnets that are allowed, and everything else be denied. For example, allow:

2001:1111:2222:301::0/64
2001:1111:2222:302::0/64
10.20.40.0/24

But block everything else from passing through the proxy. I understand that this would block any URL that used a hostname instead of an IP address.

Thanks in advance for any help you can provide.
Regards,
Mike M.
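
The following is an added example, not part of the original post and not an httpd configuration: a Python audit of the proxy access log that flags every request whose destination is not an IP literal inside the three allowed subnets listed above. It assumes the "common" log format from the CustomLog line; the sample log lines and the function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Allowed destination subnets, taken from the post.
ALLOWED = [ipaddress.ip_network(n) for n in (
    "2001:1111:2222:301::/64", "2001:1111:2222:302::/64", "10.20.40.0/24")]

# Request field of a "common" format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"([A-Z]+) (\S+) HTTP/[0-9.]+"')

def destination_host(method, target):
    """Return the host of a forward-proxy request target, or None."""
    if method == "CONNECT":
        target = "//" + target  # authority form: host:port or [v6]:port
    try:
        return urlsplit(target).hostname
    except ValueError:  # malformed bracketed IPv6 literal
        return None

def is_allowed(host):
    """True only for IP literals in an allowed subnet; hostnames are denied."""
    try:
        addr = ipaddress.ip_address(host or "")
    except ValueError:  # hostname, empty host, or non-standard IP notation
        return False
    return any(addr in net for net in ALLOWED)

def audit(lines):
    """Return (client, method, target) for each request outside ALLOWED."""
    flagged = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and not is_allowed(destination_host(*m.groups())):
            flagged.append((line.split(" ", 1)[0],) + m.groups())
    return flagged

# Constructed sample lines in "common" log format (not real traffic).
TS = "[12/Mar/2015:10:01:02 -0400]"
SAMPLE_LOG = [
    f'10.1.0.15 - - {TS} "GET http://10.20.40.7/status HTTP/1.1" 200 512',
    f'10.1.0.15 - - {TS} "GET http://10.20.30.30/ HTTP/1.1" 403 210',
    f'10.1.0.22 - - {TS} "CONNECT [2001:1111:2222:302::9]:443 HTTP/1.1" 200 -',
    f'10.1.0.22 - - {TS} "GET http://[2001:1111:2222:303::1]/ HTTP/1.1" 200 99',
    f'10.1.0.40 - - {TS} "GET http://lab-host.example/ HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, method, target in audit(SAMPLE_LOG):
        print(f"outside allowed subnets: {client} {method} {target}")
```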

