httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject svn commit: r1179272 - /httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml
Date Wed, 05 Oct 2011 15:40:08 GMT
Author: jorton
Date: Wed Oct  5 15:40:08 2011
New Revision: 1179272

URL: http://svn.apache.org/viewvc?rev=1179272&view=rev
Log:
- add note here in light of CVE-2011-3368

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml

Modified: httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml?rev=1179272&r1=1179271&r2=1179272&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml Wed Oct  5 15:40:08 2011
@@ -1220,6 +1220,15 @@ expressions</description>
     <p>If you require a more flexible reverse-proxy configuration, see the
     <directive module="mod_rewrite">RewriteRule</directive> directive with the
     <code>[P]</code> flag.</p>
+
+    <note type="warning">
+      <title>Security Warning</title>
+      <p>Take care when constructing the target URL of the rule, considering
+        the security impact from allowing the client influence over the set of
+        URLs to which your server will act as a proxy.  Ensure that the scheme
+        and hostname part of the URL is either fixed, or does not allow the
+        client undue influence.</p>
+    </note>
 </usage>
 </directivesynopsis>
 



Mime
View raw message