Question

I have an Apache 2 Debian web server running with the mod_proxy, mod_proxy_CONNECT, and mod_proxy_HTTP modules enabled. My goal is to be able to use it as a forward proxy server to tunnel an SSH session over the port 80. So, the SSH client should be able to use the proxy server (on port 80) to connect to the SSH server hosted on port 22. The proxy module is configured as such:

ProxyRequests On

<Proxy *>
    AddDefaultCharset off
    Order Deny,Allow
    Allow from all
</Proxy>

When using the proxy to connect to any regular website, it works fine. It will also work when connecting to the SSH server on port 22 using the GET method in a browser, e.g.:

GET http://sshserver.com:22/ HTTP/1.1
Host: sshserver.com:22

But when using the CONNECT method (so we can use the SSH protocol), e.g.:

CONNECT sshserver.com:22 HTTP/1.1
Host: sshserver.com:22

The server responds with a foreboding 403 Forbidden response.


Solution

I had the same problem for SSH and FTP. You have to add this in your proxy config:

AllowCONNECT 443 563 21 22  

By default this value is set to ports 443 and 563, and only these ports are allowed to use the CONNECT method; with the directive above you also enable the FTP and SSH default ports. See: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#allowconnect for more details.

EDIT: Since Apache version 2.4 you can also specify port ranges to allow multiple ports at once like this:

AllowCONNECT 20-30  
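
The configuration in this thread combines `Allow from all` with a widened `AllowCONNECT` list, so any client can tunnel to the added ports. The following check is an added example, not code from the post or from Apache: it reviews a forward-proxy config for both settings. The function names, the finding texts and the 192.0.2.0/24 client network are assumptions made for illustration.

```python
import re
DEFAULT_CONNECT_PORTS = {443, 563}  # defaults named in the answer above

def connect_ports(conf):
    """Ports CONNECT may reach; assumes several AllowCONNECT lines are unioned."""
    ports, seen = set(), False
    for line in conf.splitlines():
        m = re.match(r"\s*AllowCONNECT\s+(.+)", line, re.I)
        if not m:
            continue  # also skips commented-out directives
        seen = True
        for tok in m.group(1).split():
            lo, _, hi = tok.partition("-")  # "20-30" is the 2.4 range form
            ports.update(range(int(lo), int(hi or lo) + 1))
    return ports if seen else set(DEFAULT_CONNECT_PORTS)

def audit(conf):
    """Return review findings for a forward-proxy configuration."""
    if not re.search(r"^\s*ProxyRequests\s+On\b", conf, re.I | re.M):
        return []  # forward proxying is off, nothing to review
    findings = []
    for body in re.findall(r"<Proxy\s[^>]*>(.*?)</Proxy>", conf, re.I | re.S):
        if re.search(r"^\s*(Allow\s+from\s+all|Require\s+all\s+granted)\b",
                     body, re.I | re.M):
            findings.append("open proxy: every client address may use it")
    extra = sorted(connect_ports(conf) - DEFAULT_CONNECT_PORTS)
    if extra:
        findings.append("CONNECT reaches extra ports: " + ",".join(map(str, extra)))
    return findings

# Constructed from the question's config plus the answer's directive.
AS_POSTED = """ProxyRequests On
<Proxy *>
    Order Deny,Allow
    Allow from all
</Proxy>
AllowCONNECT 443 563 21 22
"""
# Constructed: same proxy limited to a placeholder client network, SSH only.
RESTRICTED = """ProxyRequests On
<Proxy *>
    Order Deny,Allow
    Deny from all
    Allow from 192.0.2.0/24
</Proxy>
AllowCONNECT 443 563 22
"""

print(audit(AS_POSTED), audit(RESTRICTED), sep="\n")
```

The restricted variant still reports port 22, since that is the port being opened on purpose; the finding is there so every non-default CONNECT port gets reviewed.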
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow