有一台機器只對外開放80端口,可使用mod_proxy_connect代理訪問其22端口;但是這樣一來它就變成任意伺服器的ssh服務代理了,這樣很不安全。是否有辦法限制它?我在官方文件裡面貌似沒有找到。
我自己修改程式碼實現了-。 - apache2.2/modules/proxy/mod_proxy_connect.c +123
char *allowed_hosts[] = { "some host name", "127.0.0.1", "localhost" }; int hosts_num = sizeof(allowed_hosts) / sizeof(allowed_hosts[0]); int k; for (k = 0; k < hosts_num; k++) { if (strncmp(uri.hostname, allowed_hosts[k], strlen(allowed_hosts[k])) == 0) { break; } } if (k == hosts_num) { return ap_proxyerror(r, HTTP_BAD_GATEWAY, apr_pstrcat(p, "host not allowed for: ", uri.hostname, NULL)); }
我自己修改程式碼實現了-。 -
apache2.2/modules/proxy/mod_proxy_connect.c +123
char *allowed_hosts[] = { "some host name", "127.0.0.1", "localhost" }; int hosts_num = sizeof(allowed_hosts) / sizeof(allowed_hosts[0]); int k; for (k = 0; k < hosts_num; k++) { if (strncmp(uri.hostname, allowed_hosts[k], strlen(allowed_hosts[k])) == 0) { break; } } if (k == hosts_num) { return ap_proxyerror(r, HTTP_BAD_GATEWAY, apr_pstrcat(p, "host not allowed for: ", uri.hostname, NULL)); }