From: Fabien Coelho <fabien@apache.org>
Date: Thu, 1 Jan 2015 13:56:40 +0000 (+0000)
Subject: Add a hint about how CONNECT-method requests are filtered out by <Proxy>,
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f73b93bd551c00746c53a2163bf7d17a58c38c26;p=thirdparty%2Fapache%2Fhttpd.git

Add a hint about how CONNECT-method requests are filtered out by <Proxy>,
and how to enable them. I could not find this information easily.

In particular, the straightforward <Proxy https://www.example.com>... does
not allow CONNECT to the corresponding SSL server. Probably it would work
if a web client sent a "GET https://www.example.com/ HTTP/1.1" to the
proxy, but none would do that.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1648846 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_proxy.xml b/docs/manual/mod/mod_proxy.xml
index 75f2f982ae6..db2fe401bf3 100644
--- a/docs/manual/mod/mod_proxy.xml
+++ b/docs/manual/mod/mod_proxy.xml
@@ -490,6 +490,18 @@ ProxyPass /examples http://backend.example.com/examples timeout=10
 &lt;/Proxy&gt;
     </highlight>
 
+    <p>The next example will allow web clients from the specified IP
+    addresses to issue <code>CONNECT</code> requests to access the
+    <code>https://www.example.com/</code> SSL server, if
+    <module>mod_proxy_connect</module> is enabled.
+    </p>
+
+   <highlight language="config">
+&lt;Proxy www.example.com:443&gt;
+  Require ip 192.168.0.0/16
+&lt;/Proxy&gt;
+   </highlight>
+
     <note><title>Differences from the Location configuration section</title>
       <p>A backend URL matches the configuration section if it begins with the 
       the <var>wildcard-url</var> string, even if the last path segment in the
diff --git a/docs/manual/mod/mod_proxy_connect.xml b/docs/manual/mod/mod_proxy_connect.xml
index 01761f2cef3..76bf8b41947 100644
--- a/docs/manual/mod/mod_proxy_connect.xml
+++ b/docs/manual/mod/mod_proxy_connect.xml
@@ -63,6 +63,19 @@
         <dt>proxy-source-port</dt>
         <dd>The local port used for the connection to the backend server.</dd>
     </dl>
+
+   <p>CONNECT method requests are controlled by the
+   <directive module="mod_proxy">Proxy</directive> block
+   as any other HTTP request going through.
+   SSL connections through a proxy may be filtered explicitely
+   by specifying the target host and port, for instance:
+   </p>
+
+   <highlight language="config">
+&lt;Proxy www.example.com:443&gt;
+  Require ip 192.168.0.0/16
+&lt;/Proxy&gt;
+   </highlight>
 </section>
 
 <directivesynopsis>