Timothy Stone
2003-08-06 15:01:28 UTC
Greetings mod_proxy developers:
Normally, I would not bother a developer list, but certain requirements
in a recent project sparked my desire to post a suggestion for mod_proxy.
The directive: ProxyBlock has very broad or very narrow application.
For example:
ProxyBlock *
Effectively disables Apache as a proxy.
Opposite is:
ProxyBlock .playboy.com .hustler.com .wired.com
which is a very grandular approach.
There is not an "in-between". Specifically, I was handed requirements to
set up a "kiosk-like" box that served local content, but could go to
Mapquest if desired. So my initial idea was to set Apache up as a proxy
that would block traffic to all websites /except/ Mapquest.
Now, I know that other, probably more efficent IP layer methods exist,
but the client does not wish to, or want to, play with their routers.
So I tried, after a number of creative suggestions on the Apache User
list, to get this to work (block all traffic to websites other than
Mapquest). All to no avail.
mod_proxy does not appear, by design it seems, to allow negated domains,
or for example:
ProxyBlock * !.mapquest.com
I'm currently working on some rather creative solutions to fix this (it
appears that no workaround in mod_proxy exists). One such workaround is
to write domains to a text file and periodically restart Apache to
"source" in a new ProxyBlock list (otherwise the sheer amount of upfront
work of entering by hand the global list of domain names is daungting
indeed).
If the developers are open to suggestions, this seems to me to be a near
perfect one.
I thank each of you for your time and for the most excellent HTTPD on
the Internet (I refuse to use anything else!) :)
Tim
Normally, I would not bother a developer list, but certain requirements
in a recent project sparked my desire to post a suggestion for mod_proxy.
The directive: ProxyBlock has very broad or very narrow application.
For example:
ProxyBlock *
Effectively disables Apache as a proxy.
Opposite is:
ProxyBlock .playboy.com .hustler.com .wired.com
which is a very grandular approach.
There is not an "in-between". Specifically, I was handed requirements to
set up a "kiosk-like" box that served local content, but could go to
Mapquest if desired. So my initial idea was to set Apache up as a proxy
that would block traffic to all websites /except/ Mapquest.
Now, I know that other, probably more efficent IP layer methods exist,
but the client does not wish to, or want to, play with their routers.
So I tried, after a number of creative suggestions on the Apache User
list, to get this to work (block all traffic to websites other than
Mapquest). All to no avail.
mod_proxy does not appear, by design it seems, to allow negated domains,
or for example:
ProxyBlock * !.mapquest.com
I'm currently working on some rather creative solutions to fix this (it
appears that no workaround in mod_proxy exists). One such workaround is
to write domains to a text file and periodically restart Apache to
"source" in a new ProxyBlock list (otherwise the sheer amount of upfront
work of entering by hand the global list of domain names is daungting
indeed).
If the developers are open to suggestions, this seems to me to be a near
perfect one.
I thank each of you for your time and for the most excellent HTTPD on
the Internet (I refuse to use anything else!) :)
Tim