httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] Mod-rewrite+Mod_proxy+Mod_cache
Date Tue, 05 May 2009 13:56:41 GMT
Julien Gerhards wrote:
...
additional note :
I think this rule is superfluous, as you basically already have the same 
condition in your RewriteRule :
RewriteCond %{REQUEST_URI} ^/img=(.+)

> 
> I'know that's is not the more secure way of use but i must respect this choice and do
my best to limit proxied sites.
> 
I am not necessarily talking about security, I was mentioning the 
responsibility and risk for the owner of this site.
As it stands, it can be used as a forward proxy for any kind of attack 
to another site, and the owners of the attacked site would immediately 
trace it back to the owner of this one.
The owner of this site would then have to prove he was merely 
incompetent, and not actively participating in the damaging act.
Have a good look here :
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#forwardreverse
and at the repeated warning boxes on that page.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message