Re: mod_proxy.c configuration problem for a tomcat6-bridged situation

[Alvise Nicoletti <lists@xxxxxxxxxxxxxxxxxxx>]

Alvise Nicoletti wrote:

Eric Covener wrote:

On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti
<lists@xxxxxxxxxxxxxxxxxxx> wrote:
  

I would like to restrict access to everything-but-mywebsite like the
example:
    

<IfModule mod_proxy.c>
        ProxyRequests Off
        <Proxy *>
                AddDefaultCharset off
                Order deny,allow
                Deny from all

                Allow from www.TOMCATWEBSITE.com
        </Proxy>
        ProxyVia On
</IfModule>

That restricts access "from" an [client] address, not access "to" a
backend [webserver] address.

If you're running a reverse proxy only (ProxyRequests off), and you've
told it to connect to a specific backend via ProxyPass, I don't see
why you need furtherer configuration to restrict anything.

  

mhh ...

the point is that the original configuration in my webserver was:

<IfModule mod_proxy.c>
        ProxyRequests Off
        <Proxy *>
                AddDefaultCharset off
                Order deny,allow
                Deny from all
        </Proxy>
        ProxyVia On
</IfModule>

And everthing was working, BUT, I had to remove everything to make the tomcat6-apache2 bridge work.
Also, in the header of that file I found written:
        #turning ProxyRequests on and allowing proxying from all may allow
        #spammers to use your proxy to send email.

So I guess this is not good:
<IfModule mod_proxy.c>
        ProxyRequests Off
        <Proxy *>
                AddDefaultCharset off
        </Proxy>
        ProxyVia On
</IfModule>



Or is it ok?

Do you guy confirm that leaving a webserver with mod_proxy.c enabled but with no rules is a good thing?

So I relax up a bit ...