httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: svn commit: r1389575 - /httpd/httpd/trunk/CHANGES
Date Wed, 26 Sep 2012 11:11:47 GMT

On Sep 25, 2012, at 6:22 PM, Daniel Ruggeri <DRuggeri@primary.net> wrote:

> 
> On the flip side, giving this information out in http headers could be
> dangerous. Taking httpd out of the equation, this has pretty wide
> implications.

This is true, and that's why I'm not suggesting that httpd,
or any backend at all, default to producing these headers.

In a "typical" reverse proxy situation, I assume that the
admin of the proxy also admins (at least to some extent) the
backends, and so he/she would only enable these headers on
backends they know are being proxied. Also, the front-end
on accepting the headers from the backend would /dev/null
them, so that this info would never "leak" to the external
world.

At least, that's the scenario I'm working towards...


Mime
View raw message