Julien Gerhards wrote: ... additional note :I think this rule is superfluous, as you basically already have the same condition in your RewriteRule :
RewriteCond %{REQUEST_URI} ^/img=(.+)
I am not necessarily talking about security, I was mentioning the responsibility and risk for the owner of this site. As it stands, it can be used as a forward proxy for any kind of attack to another site, and the owners of the attacked site would immediately trace it back to the owner of this one. The owner of this site would then have to prove he was merely incompetent, and not actively participating in the damaging act.I'know that's is not the more secure way of use but i must respect this choice and do my best to limit proxied sites.
Have a good look here : http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#forwardreverse and at the repeated warning boxes on that page. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|