Julien Gerhards wrote:
...
additional note :
I think this rule is superfluous, as you basically already have the same
condition in your RewriteRule :
RewriteCond %{REQUEST_URI} ^/img=(.+)
I'know that's is not the more secure way of use but i must respect this choice
and do my best to limit proxied sites.
I am not necessarily talking about security, I was mentioning the
responsibility and risk for the owner of this site.
As it stands, it can be used as a forward proxy for any kind of attack
to another site, and the owners of the attacked site would immediately
trace it back to the owner of this one.
The owner of this site would then have to prove he was merely
incompetent, and not actively participating in the damaging act.
Have a good look here :
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#forwardreverse
and at the repeated warning boxes on that page.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
