From: Rich Bowen <rbowen@apache.org>
Date: Wed, 29 Apr 2026 18:44:30 +0000 (+0000)
Subject: mod_proxy: Add note about HTTPS/CONNECT access control in forward proxy docs (Bug... 
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c71e27cfb2776b794636dbea4f4aa90c84cf6d4c;p=thirdparty%2Fapache%2Fhttpd.git

mod_proxy: Add note about HTTPS/CONNECT access control in forward proxy docs (Bug 54653)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1933522 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_proxy.xml b/docs/manual/mod/mod_proxy.xml
index 45a1bd6163..d0444bb79d 100644
--- a/docs/manual/mod/mod_proxy.xml
+++ b/docs/manual/mod/mod_proxy.xml
@@ -345,6 +345,14 @@ ProxyPass "/apps"     "http://127"
 &lt;/Proxy&gt;
       </highlight>
 
+      <note><title>HTTPS/CONNECT requests</title>
+      <p>The <code>&lt;Proxy "*"&gt;</code> wildcard above matches all
+      requests, including HTTPS requests tunneled via the CONNECT method.
+      Note that access control for CONNECT tunnels can only match against
+      the host and port — path-based matching (e.g.,
+      <code>&lt;Proxy "https://example.com/path/"&gt;</code>) does not
+      work because CONNECT requests do not contain a path.</p></note>
+
       <p>For more information on access control directives, see
       <module>mod_authz_host</module>.</p>