ssh - Apache: How to limit the HOSTs that mod_proxy_connect can proxy to (not visitors, but target servers)?

Question

There is a machine that only opens port 80 to the outside world, and you can use the mod_proxy_connect proxy to access its port 22; but in this case it becomes the ssh service proxy of any server, which is very unsafe. Is there a way to limit it? I can't seem to find it in the official documentation.

大家讲道理 · Answer

I modified the code myself to achieve -. -
apache2.2/modules/proxy/mod_proxy_connect.c +123

char *allowed_hosts[] = { 
    "some host name",
    "127.0.0.1",
    "localhost"
};  
int hosts_num = sizeof(allowed_hosts) / sizeof(allowed_hosts[0]);
int k;
for (k = 0; k < hosts_num; k++) {
    if (strncmp(uri.hostname, allowed_hosts[k], strlen(allowed_hosts[k])) == 0) {
      break;
    }   
 }
if (k == hosts_num) {
    return ap_proxyerror(r, HTTP_BAD_GATEWAY,
          apr_pstrcat(p, "host not allowed for: ", uri.hostname, NULL));
}

Php8, I'm coming too

Learn website layout in 30 minutes

Shangguan Oracle Beginner to Proficient Video Tutorial

Your first line of UNI-APP code

Flutter from scratch to app launch

Brother Lian New Linux Video Tutorial

AXURE 9 Video Tutorial (Suitable for Product Manager Interactive Product Design UI)

Zero Basic Proficiency PS Video Tutorial

16 day UI video tutorial to get you started

PS Techniques and Slicing Techniques Video Tutorial

Alibaba Cloud Environment Construction and Project Launch Video Tutorial

Overview of Computer Networks - Basic Knowledge that Programmers Must Master

Essential Tutorial for Programmers - HTTP Protocol Explanation

Websocket Video Tutorial