httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeroen Massar" <>
Subject RE: Spam Using SMTP "Over" HTTP-Proxy
Date Fri, 05 Sep 2003 08:23:10 GMT

Joshua Slive [] wrote:

> On Thu, 4 Sep 2003, Jeroen Massar wrote:
> > Requiring a "IKnowIAmOperatingAOpenProxy" flag that needs to
> > be set explicitly would be a better idea then :)
> That's what the ProxyRequests directive does.  Giving it a silly name
> isn't going to help ;-)

True, nothing much we can do about people not reading the docs :(

> > Seriously, we could add a default deny for outgoing port
> > 25 (smtp) and 6660-6670 (irc) proxied connections.
> > This won't really hurt anyone as I don't see any reasons
> > why anybody would want that. A special "AllowProxyPorts 25 6660-6670"
> > directive could then turn those ports open too.
> > We could even try to limit it to defaultly allowing only
> > the proxying of port 80 and 443 and denying the rest for instance.
> Bill Wrowe is a fan of the last idea.  I'm neutral about making it the
> default, but I think it would be good to make it configurable.
> You should be specific here, however.  We are talking about a 
> directive that would allow *outgoing* proxy connections only on 
> specific ports.  For example
> AllowForwardProxy 80 8080 8888

That could be the default then, if people would require other
ports they would either need to add them or specify "All" if
they are really sure of what they are doing.

We should also convince packagers that they never include the
All option per default or as a simple configuration option.
If someone wants it, let them read the doc, which should contain
the "you are opening up as an open relay" warning.


Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / /


View raw message