[prev in list] [next in list] [prev in thread] [next in thread]
List: dragonidsuser
Subject: Re: I have a question...
From: Ron Gula <rgula () ENTERASYS ! COM>
Date: 2001-08-02 14:05:40
[Download RAW message or body]
The difference is that the web server is acting as a proxy. Normally,
a web client issues a web request to a web server. With a web server
acting as a proxy, a web client can send a web request to one web
server which will send this request to the real web server.
Imagine a DMZ where there is an external web server that has a proxy
feature enabled. A hacker could send a proxy web request to the web
server in the DMZ, which may reference a web server behind the
firewall. If the firewall is misconfigured, this may allow an attacker
to send in an attack.
Normally, a web get request may look something like:
GET /index.html
However, with a proxy URL, it may look something like:
GET http://10.100.100.1/index.html
Ron Gula
At 11:31 AM 8/2/01 +0900, you wrote:
>>>>
Hi,
I don't know what PROXY:WEB-GET signature means.
It explains that a web server allows users to perform GET requests and this
may allows attackers to bypass a firewall.
But, when a user request a webpage by web browser, it also uses the 'get'
command. doesn't it ?
If so, I thing that this event should be occured by all http request.
<<<<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic