httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <roy.field...@gmail.com>
Subject Re: Broken URI-unescaping in mod_proxy
Date Mon, 08 Oct 2007 17:44:43 GMT
On Oct 8, 2007, at 2:17 AM, Ruediger Pluem wrote:
> Please check that your patch does not fall into the traps I  
> mentioned in
>
> http://mail-archives.apache.org/mod_mbox/httpd-dev/200709.mbox/% 
> 3c46E450D9.2020601@apache.org%3e
>
> on this thread. Otherwise we create a security issue (at least for  
> reverse proxies and
> for reverse proxies Roy's statement is not valid as it is only  
> valid for *proxies*).

For the millionth time, if that is a problem then separate the proxy
module from the gateway ("reverse proxy") module.  They do not belong
together.

....Roy


Mime
View raw message