httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: [PATCH] Make proxy CONNECT work again - Take 1
Date Mon, 30 Mar 1998 22:37:37 GMT
On Mon, 30 Mar 1998, sameer wrote:

> > 
> > But the problem is the check to only allow connections to certain ports is
> > there for a reason: to prevent people from doing bad things to other ports
> > and hiding behind a proxy.  Connecting to arbitrary ports through CONNECT
> > isn't good.
> 
> 	How about defaulting to not allowing any ports, and having a
> config directive to turn on specific ports? I never liked the
> hardcoded port limits so that you couldn't connect to any ports other
> than the hardcoded ones anyway.

That is fine, but then we would have to default to including https and
snews anyway.  <g>

I don't know if that gets us any further, although now you can claim the
code isn't restricted, just the config files we are shipping.  It sure
would catch a lot of people though and make lots of hassles.

My view is that I don't care.  If someone asks us to remove it, we will; 
that is what happened with the PGP stuff way back, no?  Otherwise I will
go on the assumption that the US gov't isn't that dumb.  If someone who
can get hurt (hm... guess all they can do is reject my work visa) like
Brian isn't willing, then we have to do something.



Mime
View raw message