[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-docs
Subject: Re: Apache 1.3.27 mod_proxy 'docs' issue
From: Joshua Slive <joshua () slive ! ca>
Date: 2003-07-24 14:04:06
[Download RAW message or body]
On Wed, 23 Jul 2003, William A. Rowe, Jr. wrote:
> At 04:20 PM 7/23/2003, Joshua Slive wrote:
> >Another thought on this issue:
> >
> >Should we include
> >ProxyBlock :25
> >in our recommended configuration?
> >
> >I haven't tested this, but it seems like it should be effective at
> >stopping the http->smtp gateway. And really, this type of gateway is a
> >bad idea, even on properly secured proxies.
>
> If you look at how restrictive the default AllowConnect directive is, then
> it isn't unreasonable to consider the reporter's orginal suggestion for some
> AllowProxy directive as well. Your suggestion would eliminate port 25,
> if it behaves as we expect, but that doesn't solve the problem for other ports.
I thought about this, and the idea of an Allow(Forward)Proxy directive
isn't bad, but I don't think I would want it in the default config. We
would be encouraging a policy where a proxy administrator would say "http
is only allowed on ports 80 and 8080". And I think most of us agree that
is silly and doesn't do much to help security.
Joshua.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic