
List:       apache-docs
Subject:    Re: Apache 1.3.27 mod_proxy 'docs' issue
From:       Joshua Slive <joshua () slive ! ca>
Date:       2003-07-24 14:04:06


On Wed, 23 Jul 2003, William A. Rowe, Jr. wrote:

> At 04:20 PM 7/23/2003, Joshua Slive wrote:
> >Another thought on this issue:
> >
> >Should we include
> >ProxyBlock :25
> >in our recommended configuration?
> >
> >I haven't tested this, but it seems like it should be effective at
> >stopping the http->smtp gateway.  And really, this type of gateway is a
> >bad idea, even on properly secured proxies.
>
> If you look at how restrictive the default AllowConnect directive is, then
> it isn't unreasonable to consider the reporter's original suggestion for some
> AllowProxy directive as well.  Your suggestion would eliminate port 25,
> if it behaves as we expect, but that doesn't solve the problem for other ports.

I thought about this, and the idea of an Allow(Forward)Proxy directive
isn't bad, but I don't think I would want it in the default config.  We
would be encouraging a policy where a proxy administrator would say "http
is only allowed on ports 80 and 8080".  And I think most of us agree that
is silly and doesn't do much to help security.

Joshua.
