ssh - Apache: How to limit the HOSTs that mod_proxy_connect can proxy to (not visitors, but target servers)?

There is a machine that only opens port 80 to the outside world, and you can use the mod_proxy_connect proxy to access its port 22; but in this case it becomes the ssh service proxy of any server, which is very unsafe. Is there a way to limit it? I can't seem to find it in the official documentation.

曾经蜡笔没有小新 · 2904 days ago · 719


  • 大家讲道理 2017-05-16 17:07:01

    I modified the code myself to achieve this -.-
    apache2.2/modules/proxy/mod_proxy_connect.c +123

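    /* Allowlist of hosts that CONNECT may target. */
    static const char *const allowed_hosts[] = {
        "some host name",
        "127.0.0.1",
        "localhost"
    };
    int hosts_num = sizeof(allowed_hosts) / sizeof(allowed_hosts[0]);
    int k;

    /* Compare the whole hostname, ignoring case. A strncmp() bounded by the
     * entry's length would also accept any name that merely starts with an
     * entry, such as "localhost.example.com". */
    for (k = 0; k < hosts_num; k++) {
        if (uri.hostname && strcasecmp(uri.hostname, allowed_hosts[k]) == 0) {
            break;
        }
    }

    /* No entry matched: refuse to open the tunnel. */
    if (k == hosts_num) {
        return ap_proxyerror(r, HTTP_BAD_GATEWAY,
              apr_pstrcat(p, "host not allowed for: ", uri.hostname, NULL));
    }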

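How the hostname is compared decides whether an allowlist like the one in this answer actually restricts CONNECT targets. The following is an added example, not code from the original post or from Apache: it contrasts a prefix comparison with an exact, case-insensitive one. The function names and the hostnames in the comments are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed allowlist for illustration. */
static const char *const allowed_hosts[] = { "127.0.0.1", "localhost" };
#define HOSTS_NUM (sizeof(allowed_hosts) / sizeof(allowed_hosts[0]))

/* Prefix comparison: only the first strlen(entry) bytes are checked, so a
 * name that merely starts with an entry ("127.0.0.10") is accepted. */
int host_allowed_prefix(const char *host)
{
    size_t k;
    if (host == NULL) return 0;
    for (k = 0; k < HOSTS_NUM; k++)
        if (strncmp(host, allowed_hosts[k], strlen(allowed_hosts[k])) == 0)
            return 1;
    return 0;
}

/* Case-insensitive comparison of exactly n bytes. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Exact comparison: lengths must be equal, case is ignored (DNS names are
 * case-insensitive), and one trailing root dot is dropped before matching. */
int host_allowed_exact(const char *host)
{
    size_t k, len;
    if (host == NULL) return 0;
    len = strlen(host);
    if (len > 0 && host[len - 1] == '.') len--;
    for (k = 0; k < HOSTS_NUM; k++)
        if (strlen(allowed_hosts[k]) == len &&
            eq_nocase(host, allowed_hosts[k], len))
            return 1;
    return 0;
}
```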