mod_proxy: Add note about HTTPS/CONNECT access control in forward proxy docs (Bug...

author Rich Bowen <rbowen@apache.org>

Wed, 29 Apr 2026 18:44:30 +0000 (18:44 +0000)

committer Rich Bowen <rbowen@apache.org>

Wed, 29 Apr 2026 18:44:30 +0000 (18:44 +0000)
author Rich Bowen <rbowen@apache.org>
Wed, 29 Apr 2026 18:44:30 +0000 (18:44 +0000)
committer Rich Bowen <rbowen@apache.org>
Wed, 29 Apr 2026 18:44:30 +0000 (18:44 +0000)
diff --git a/docs/manual/mod/mod_proxy.xml b/docs/manual/mod/mod_proxy.xml

index 45a1bd6163687ac25f16189bbe1c830202564063..d0444bb79d717430b9b18de911a460b3e3047240 100644 (file)
--- a/docs/manual/mod/mod_proxy.xml
+++ b/docs/manual/mod/mod_proxy.xml
@@ -345,6 +345,14 @@ ProxyPass "/apps"     "http://127"
  &lt;/Proxy&gt;
        </highlight>
  
+      <note><title>HTTPS/CONNECT requests</title>
+      <p>The <code>&lt;Proxy "*"&gt;</code> wildcard above matches all
+      requests, including HTTPS requests tunneled via the CONNECT method.
+      Note that access control for CONNECT tunnels can only match against
+      the host and port — path-based matching (e.g.,
+      <code>&lt;Proxy "https://example.com/path/"&gt;</code>) does not
+      work because CONNECT requests do not contain a path.</p></note>
+
        <p>For more information on access control directives, see
        <module>mod_authz_host</module>.</p>
author	Rich Bowen <rbowen@apache.org>
	Wed, 29 Apr 2026 18:44:30 +0000 (18:44 +0000)
committer	Rich Bowen <rbowen@apache.org>
	Wed, 29 Apr 2026 18:44:30 +0000 (18:44 +0000)