AllowCONNECT - Infinite Lexicon - Infinite Lexicon

AllowCONNECT

AllowCONNECT is a directive used in the Apache HTTP Server, specifically within the mod_proxy module, to control the use of the HTTP CONNECT method when the server operates as a forward proxy. It restricts which remote ports may be accessed through a tunnel established by CONNECT, helping to prevent unauthorized or potentially harmful tunneling.

The directive works by listing allowed destination ports. When a client issues a CONNECT request to the

Syntax and context

- Syntax: AllowCONNECT port [port] ...

- Context: server config and virtual host

- Typically used in conjunction with ProxyRequests On to enable forward proxy behavior.

<IfModule mod_proxy.c>

ProxyRequests On

AllowCONNECT 443

In this example, the proxy will only allow CONNECT tunnels to port 443 (commonly used for HTTPS).

Security and considerations

AllowCONNECT helps mitigate abuse by limiting tunneling destinations, reducing potential data exfiltration through a proxy, and

---

a

a

a

a

a