Path: csiph.com!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail From: D Finnigan Newsgroups: comp.sys.apple2 Subject: Re: Webber Update Date: Thu, 14 Oct 2021 00:23:51 -0000 (UTC) Organization: Mac GUI Lines: 51 Message-ID: References: <0001HW.26FDC1400044F4BB7000013FF2EF@eu.astraweb.com> <7796d27b-c321-4d6e-977f-5f416203640an@googlegroups.com> <0001HW.2700589E00E06D0970000B4D12EF@eu.astraweb.com> <0001HW.2716BA6C061F4A157000014412EF@eu.astraweb.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Injection-Date: Thu, 14 Oct 2021 00:23:51 -0000 (UTC) Injection-Info: reader02.eternal-september.org; posting-host="410f7cbbe34c2bec7352c61440caa8af"; logging-data="26170"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+gvTSkOPd5WGIIfp6EdLaT" User-Agent: Mac GUI Usenet Cancel-Lock: sha1:VY5QzQEZnPbxd/pKt9Ln0C2ZT1s= In-Reply-To: <0001HW.2716BA6C061F4A157000014412EF@eu.astraweb.com> Xref: csiph.com comp.sys.apple2:46679 Speccie wrote: > > The assumption I made when writing the Proxy software for Webber was that > for a Proxy connection, if a HTTPS URL is specified, it should send that > out, and if the Proxy server then handles it, all is well. If no Proxy > server has been specified, then Webber will change the HTTPS to HTTP and > try that. > > I tested the Proxy feature using Squid on a Mac, which does link into the > Apache server, but it does not pass https URLs, and reports a “not > supported” error. > OK, I will give you some more information on my setup. I don't have Squid or anything else involved. It's just Apache. These are the directives for Apache. These go in the root server (or virtual host) config file: ProxyRequests On ProxyVia Full ----- Modules that you need to have enabled: mod_proxy_connect # for HTTPS mod_proxy_ftp mod_proxy_http # if you want HTTP proxying ---- With this in place, now your Apache server should accept a request line like this: GET https://example.com/example.html HTTP/1.1 Host: webberproxy.speccie.invalid And it will return the plaintext response from that HTTPS site. There are also some directives that will cause the proxy to ignore an expired certificate, or just not validate the certificate. This may or may not be useful in some cases. The bigger problem that I don't have a solution for yet, is if you have a public proxy server, what is the best way to control access to it? To prevent it from becoming a vehicle for abuse. -- ]DF$ The New Apple II User's Guide: https://macgui.com/newa2guide/