bugzilla at apache
Nov 29, 2009, 7:21 AM
Post #6 of 9
(888 views)
Permalink
|
|
[Bug 29744] CONNECT does not work over existing SSL connection
[In reply to]
|
|
https://issues.apache.org/bugzilla/show_bug.cgi?id=29744
--- Comment #99 from Colin Dean <c.c.dean [at] durham> 2009-11-29 07:20:58 UTC ---
Can I just put in another plea that this patch be incorporated into the 2.2
stream, so people don't have to keep updating it and re-applying it.
In my case I'm using it with a browser based application that provides web
access to VNC consoles of virtual machines. The user sees the available
machines in a conventional dynamic web page, and when selecting a console to
view, a Java applet is run. With this patch, the VNC (RFB) connection can be
securely tunneled over the same HTTPS connection as the main page - without it
lots of VNC ports have to be opened to the outside world.
Although I can patch my Apache installation, I have users of the same
application in other organizations who want to use a standard distribution and
aren't comfortable patching and recompiling.
By the way, I'm also puzzling over the best way to enable HTTP CONNECT proxying
but not generic HTTP 0.9/1.0/1.1, AJP13 and FTP. The best I've managed so far
is:
ProxyRequests On
AllowCONNECT 5900
<ProxyMatch /.*/>
Order deny,allow
Deny from all
</ProxyMatch>
which does seem to allow CONNECT proxying only, because the ProxyMatch doesn't
seem to match this (unlike <Proxy *>, which matches all kinds of forward
proxying). But this seems very ugly! I guess I'm looking for a
<ProxyMatchProtocol> feature.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe [at] httpd
For additional commands, e-mail: bugs-help [at] httpd
|
