httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <>
Subject Re: PROPOSAL: new directive for mod_proxy
Date Wed, 06 Mar 2002 08:24:12 GMT
Chuck Murcko wrote:

> I think reverse proxy is usable all the time - mod_rewrite uses it by
> generating an internal request. And you can put rewrite+reverse proxy
> rules (possibly using [P] flag) into .htaccess.
> It's also conceptually less confusing to see adjacent default lines in
> the config
> ProxyPass off    #forward proxy
> ReverseProxyPass on #reverse proxy
> Or whatever we call it. The default values are for compatibility with
> other modules. I've seen also several instances lately where sites
> thought they needed ProxyPass on for reverse proxy _ rewrite but did
> not, and had inadvertently been getting exploited as open forward
> proxies. The opposite case from the original security implications of
> reverse proxy always on. So at the least it's currently confusing, and
> could stand to be more clearly and configurably enabled.

The problem seems to be a documentation problem - if people are confused
about how to configure something, then the docs must be fixed to stop
that confusion.

Adding a ReverseProxyPass directive will simply add to that confusion -
two config directives will be needed when previously there were one - so
we are in a worse position than we were before.

In addition, people who blindly upgrade their systems will find their
setups suddenly break - which is a showstopper.

In short, I think warnings need to be added to the documentation rather
than additional directives.

-----------------------------------------		"There's a moon
					over Bourbon Street
View raw message