[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-httpd-bugs
Subject: DO NOT REPLY [Bug 39448] New: - old-style <directory proxy:*> doesn't give any warnings
From: bugzilla () apache ! org
Date: 2006-04-29 14:51:31
Message-ID: bug-39448-7868 () http ! issues ! apache ! org/bugzilla/
[Download RAW message or body]
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39448>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39448
Summary: old-style <directory proxy:*> doesn't give any warnings
Product: Apache httpd-2
Version: 2.0.53
Platform: PC
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P3
Component: Core
AssignedTo: bugs@httpd.apache.org
ReportedBy: jwagner@computing.dcu.ie
When copying from old 1.3 configurations there is no warning that <Directory
proxy:*> Order allow,deny Allow from localhost </Directory> doesn't protect the
proxy server. As far as I understand the directory directive in 2.0, the first
argument must either be "~" or start with '/'. Enforcing this should be
sufficient to motivate users to have another look at the documentation and spot
that <proxy *> must now be used.
As this feature request is security related, I chose severity 'minor' instead
of 'trivial'.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic