Search squid archive

Re: URL rewrite on Squid 3.1.6 as ReverseProxy for Exchange OWA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 24/02/2012 11:52 a.m., Roman Gelfand wrote:
Hi Amos,

I could be wrong, but I understood from your several posts that this
type of configuration is not recommended (either due to security
issues or performance, I don't remember exactly).

Is that right?

*redirect*, (using deny_info or redirector program which does real 3XX status redirects) is fine and a built-in feature of HTTP. Since what it does is inform the client browser/agent to change the URI being requested. Keeping any state between the server and client synchronized. Security, behaviour expectations and working state is all kept predictable.

*rewrite*, (using a redirector/rewriter to alter the URL in-transit) is not recommended on grounds of being complex with many breakages from the client browser/agent being unaware of the URL change. re-write is at heart a cross-site/XSS attack, in the same ways that intercept proxy is a MITM attack. Intending for it to happen does not change the side effects or lessen the risks.

Amos



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux