httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alvise Nicoletti <li...@alvisenicoletti.com>
Subject Re: [users@httpd] mod_proxy.c configuration problem for a tomcat6-bridged situation
Date Thu, 07 Jan 2010 10:11:48 GMT
Alvise Nicoletti wrote:
> Alvise Nicoletti wrote:
>> Alvise Nicoletti wrote:
>>> Eric Covener wrote:
>>>> On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti
>>>> <lists@alvisenicoletti.com> wrote:
>>>>   
>>>>> I would like to restrict access to everything-but-mywebsite like the
>>>>> example:
>>>>>     
>>>>
>>>>   
>>>>> <IfModule mod_proxy.c>
>>>>>         ProxyRequests Off
>>>>>         <Proxy *>
>>>>>                 AddDefaultCharset off
>>>>>                 Order deny,allow
>>>>>                 Deny from all
>>>>>
>>>>>                 Allow from www.TOMCATWEBSITE.com
>>>>>         </Proxy>
>>>>>         ProxyVia On
>>>>> </IfModule>
>>>>
>>>>
>>>> That restricts access "from" an [client] address, not access "to" a
>>>> backend [webserver] address.
>>>>
>>>> If you're running a reverse proxy only (ProxyRequests off), and you've
>>>> told it to connect to a specific backend via ProxyPass, I don't see
>>>> why you need furtherer configuration to restrict anything.
>>>>
>>>>   
>>> mhh ...
>>>
>>> the point is that the original configuration in my webserver was:
>>> <IfModule mod_proxy.c>
>>>         ProxyRequests Off
>>>         <Proxy *>
>>>                 AddDefaultCharset off
>>>                 Order deny,allow
>>>                 Deny from all
>>>         </Proxy>
>>>         ProxyVia On
>>> </IfModule>
>>>
>>> And everthing was working, BUT, I had to remove everything to make 
>>> the tomcat6-apache2 bridge work.
>>> Also, in the header of that file I found written:
>>>         #turning ProxyRequests on and allowing proxying from all may 
>>> allow
>>>         #spammers to use your proxy to send email.
>>>
>>> So I guess this is not good:
>>> <IfModule mod_proxy.c>
>>>         ProxyRequests Off
>>>         <Proxy *>
>>>                 AddDefaultCharset off
>>>         </Proxy>
>>>         ProxyVia On
>>> </IfModule>
>>>
>>>
>>>
>>> Or is it ok?
>>
>


mhh ....

> Do you guy confirm that leaving a webserver with mod_proxy.c enabled 
> but with no rules is a good thing?
>
> So I relax up a bit ...

And what is this?

 Connection attempts using mod_proxy:
   65.183.2.75 -> http://lti-mail01.ltinetworks.com:25 
<http://lti-mail01.ltinetworks.com:25>: 1 Time(s)


Mime
View raw message