httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rbo...@apache.org
Subject svn commit: r1346405 - /httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml
Date Tue, 05 Jun 2012 15:00:02 GMT
Author: rbowen
Date: Tue Jun  5 15:00:02 2012
New Revision: 1346405

URL: http://svn.apache.org/viewvc?rev=1346405&view=rev
Log:
Adds a security remark regarding proxied content and the host address,
and reference to mod_remoteip, as per comment added by Allard Hoeve to
doc.

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml

Modified: httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml?rev=1346405&r1=1346404&r2=1346405&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml Tue Jun  5 15:00:02 2012
@@ -167,6 +167,18 @@ Require host .net example.edu
     <highlight language="config">
     Require local
     </highlight>
+
+</section>
+
+<section id="proxy"><title>Security Note</title>
+
+    <p>If you are proxying content to your server, you need to be aware
+    that the client address will be the address of your proxy server,
+    not the address of the client, and so using the <code>Require</code>
+    directive in this context may not do what you mean. See
+    <module>mod_remoteip</module> for one possible solution to this
+    problem.</p>
+
 </section>
 
 </section>



Mime
View raw message