<-
Apache > HTTP Server > Documentation > Version 2.5 > Modules

Apache Module mod_proxy_connect

Description: mod_proxy extension for CONNECT request handling
Status: Extension
Module Identifier: proxy_connect_module
Source File: mod_proxy_connect.c

Summary

This module requires the service of mod_proxy. It provides support for the CONNECT HTTP method. This method is mainly used to tunnel SSL requests through proxy servers.

Thus, in order to get the ability of handling CONNECT requests, mod_proxy and mod_proxy_connect have to be present in the server.

CONNECT is also used when the server needs to send an HTTPS request through a forward proxy. In this case the server acts as a CONNECT client. This functionality is part of mod_proxy and mod_proxy_connect is not needed in this case.

Warning

Do not enable proxying until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.

Topics

Directives

Bugfix checklist

See also

top

Request notes

mod_proxy_connect creates the following request notes for logging using the %{VARNAME}n format in LogFormat or ErrorLogFormat:

proxy-source-port
The local port used for the connection to the backend server.

CONNECT method requests are controlled by the Proxy block as any other HTTP request going through. SSL connections through a proxy may be filtered explicitly by specifying the target host and port, for instance:

<Proxy www.example.com:443>
  Require ip 192.168.0.0/16
</Proxy>
top

AllowCONNECT Directive

Description: Ports that are allowed to CONNECT through the proxy
Syntax: AllowCONNECT port[-port] [port[-port]] ...
Default: AllowCONNECT 443 563
Context: server config, virtual host
Status: Extension
Module: mod_proxy_connect
Compatibility: Moved from mod_proxy in Apache 2.3.5. Port ranges available since Apache 2.3.7.

The AllowCONNECT directive specifies a list of port numbers or ranges to which the proxy CONNECT method may connect. Today's browsers use this method when a https connection is requested and proxy tunneling over HTTP is in effect.

By default, only the default https port (443) and the default snews port (563) are enabled. Use the AllowCONNECT directive to override this default and allow connections to the listed ports only.

top