André Malo [mailto:[EMAIL PROTECTED] wrote: > * Joshua Slive wrote: > > [spam via proxy] > > One possible thing we could do is simply remove the sample > proxy config > > from our default httpd.conf. These samples make it too > easy for people to > > activate a proxy without securing it properly. > > +1! Since proxying is not the primary purpose of the httpd I > won't miss it > in the default config (commented or not).
Possibly a 'go look in the docs' type question. But for instance: >From the docs: 8<----------------- NoProxy Directive This directive is only useful for Apache proxy servers within intranets. The NoProxy directive specifies a list of subnets, IP addresses, hosts and/or domains, separated by spaces. A request to a host which matches one or more of these is always served directly, without forwarding to the configured ProxyRemote proxy server(s). ----------------->8 In that the sentence: "A request to a host which matches one or more of these is always served directly" NoProxy 2001:db8::/32 www.example.com AAAA 2001:db8::1 Is a bit dubious, at least for me. It could mean two things: - GET http://www.example.com/ HTTP/1.1 Would be served 'directly' (from cache, from how?) - A client from 2001:db8::/32 sending "GET http://www.example.com/ HTTP/1.1" will be served 'directly'. It could be my english understanding ofcourse, but if somebody would like to enlighten me ;) Then there is also: <Proxy *> Order Deny,Allow Deny from all Allow from 192.168.0 </Proxy> But that is for _client's_. We could have something similar with destination's. Which could also be usefull for spam-ad blocking etc: <Proxy *> Order Allow,Deny Allow to all Deny to example.com Deny to 2001:db8::/32 Deny to ::1 Deny to 127.0.0.1 Deny to port 25 </Proxy> Having that would be perfect ofcourse. Next in from the document is the AllowCONNECT Directive. Maybe at least a AllowProxyPort would be helpful, somewhat like the above ? Greets, Jeroen
