[30952] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Apache 1.3.27 mod_proxy security issue

daemon@ATHENA.MIT.EDU (Michael Shigorin)
Wed Jul 30 13:12:30 2003

Date: Tue, 29 Jul 2003 12:34:56 +0300
From: Michael Shigorin <mike@osdn.org.ua>
To: "William A. Rowe, Jr." <wrowe@apache.org>
Message-ID: <20030729093456.GU13660@osdn.org.ua>
Mail-Followup-To: "William A. Rowe, Jr." <wrowe@apache.org>,
	bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="aM3YZ0Iwxop3KEKx"
Content-Disposition: inline
In-Reply-To: <5.2.0.9.2.20030722170958.01750988@pop3.rowe-clan.net>

--aM3YZ0Iwxop3KEKx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Tue, Jul 22, 2003 at 05:30:39PM -0500, William A. Rowe, Jr. wrote:
> As described in the default configuration, open proxies are never
> recommended [from Apache 1.3.27 conf/httpd.conf-dist];

[skip]

> #        Allow from .your-domain.com

Is it reasonable to use something intentionally broken like
.your_domain.com (not even example.*) in configuration samples
like this one?

-- 
 ---- WBR, Michael Shigorin <mike@altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/

--aM3YZ0Iwxop3KEKx
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/Jj/AbsPDprYMm3IRAjJXAJsEA2oC6s6Knqxi7VXWgfU04keR8gCeKxoZ
UMx/5e3yj9YkXkz388vQKJA=
=CMPn
-----END PGP SIGNATURE-----

--aM3YZ0Iwxop3KEKx--


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[30952] in bugtraq

Re: Apache 1.3.27 mod_proxy security issue

daemon@ATHENA.MIT.EDU (Michael Shigorin)Wed Jul 30 13:12:30 2003

daemon@ATHENA.MIT.EDU (Michael Shigorin)
Wed Jul 30 13:12:30 2003