httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Galić <i.ga...@brainsware.org>
Subject Re: [users@httpd] block proxy GET access
Date Fri, 04 Feb 2011 08:07:38 GMT

----- "NLR REDDY" <nlrreddy@live.com> wrote:

> Hi,
> 
> Is there a way to block proxy GET access using mod_rewrite rules? I

ProxyRequests are off by default.
http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyrequests

Also very recommendable:
https://svn.apache.org/repos/asf/httpd/sandbox/mod_allowmethods/
Allows you to easily specify a set of blocked methods -- most 
probably even in a <Proxy > block


Finally, as Granny Weatherwax tells us the most important thing about
magic is when _not_ to use it. The same is true of mod_rewrite.

Here's a couple of examples:
http://wiki.apache.org/httpd/WhenNotToUseRewrite

> have read in security journals that this is one of the security
> vulnerabilities.

You should've read them in context. If the journal did not
put things into a context then it's a lousy one.

> Thanks

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message