[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-httpd-dev
Subject:    Re: Spam Using SMTP "Over" HTTP-Proxy
From:       Cliff Woolley <jwoolley () virginia ! edu>
Date:       2003-08-28 19:58:47
[Download RAW message or body]

On Thu, 28 Aug 2003, Joshua Slive wrote:

> I think we've done pretty-much all we can.  I wouldn't mind putting a
> little note on the httpd.apache.org homepage saying "Have you secured your
> proxy?" and point to the correct docs.

+1.

Additionally, Eli and I have been conversing a bit more off-list, and it
does seem that having some additional blocking mechanism (besides IP-based
access control or password-based authentication) would be needed in some
cases where open HTTP proxy is intended but open SMTP tunneling is not.
Perhaps ProxyBlock will suffice.  Confirmation would be cool.
[prev in list] [next in list] [prev in thread] [next in thread]