On Wed, Jun 06, 2012 at 09:08:02PM -0400, Jeff Trawick wrote:
Here are some valid requests which fail the 4317 checks:
CONNECT foo.example.com[:port]
GET http://foo.example.com
GET proxy:http://foo.example.com/(rewriting something which was
already proxied internally)
I am leaning
On Thu, Jun 7, 2012 at 11:55 AM, Joe Orton jor...@redhat.com wrote:
On Wed, Jun 06, 2012 at 09:08:02PM -0400, Jeff Trawick wrote:
Here are some valid requests which fail the 4317 checks:
CONNECT foo.example.com[:port]
GET http://foo.example.com
GET proxy:http://foo.example.com/ (rewriting
On Thu, Jun 7, 2012 at 1:14 PM, Jeff Trawick traw...@gmail.com wrote:
On Thu, Jun 7, 2012 at 11:55 AM, Joe Orton jor...@redhat.com wrote:
On Wed, Jun 06, 2012 at 09:08:02PM -0400, Jeff Trawick wrote:
Here are some valid requests which fail the 4317 checks:
CONNECT foo.example.com[:port]
GET
On Thu, Jun 7, 2012 at 2:18 PM, William A. Rowe Jr. wr...@rowe-clan.net wrote:
On 6/6/2012 2:46 PM, Jeff Trawick wrote:
On Tue, May 29, 2012 at 1:36 PM, Daniel Shahaf d...@daniel.shahaf.name
wrote:
Perhaps it would be a useful feature to allow excluding those headers
from being logged, too.
On 6/7/2012 1:56 PM, Jeff Trawick wrote:
On Thu, Jun 7, 2012 at 2:18 PM, William A. Rowe Jr. wr...@rowe-clan.net
wrote:
On 6/6/2012 2:46 PM, Jeff Trawick wrote:
On Tue, May 29, 2012 at 1:36 PM, Daniel Shahaf d...@daniel.shahaf.name
wrote:
Perhaps it would be a useful feature to allow
On Thursday 07 June 2012, Eric Covener wrote:
On Wed, Jun 6, 2012 at 9:15 PM, Jeff Trawick traw...@gmail.com
wrote:
On Wed, Jun 6, 2012 at 3:49 PM, Joe Schaefer
joe_schae...@yahoo.com wrote:
Session cookies sometimes pose a security risk as well.
Yeah. That could be any cookie though
On Thu, Jun 7, 2012 at 4:11 PM, Stefan Fritsch s...@sfritsch.de wrote:
On Thursday 07 June 2012, Eric Covener wrote:
On Wed, Jun 6, 2012 at 9:15 PM, Jeff Trawick traw...@gmail.com
wrote:
On Wed, Jun 6, 2012 at 3:49 PM, Joe Schaefer
joe_schae...@yahoo.com wrote:
Session cookies sometimes
On Jun 7, 2012, at 3:11 PM, Stefan Fritsch wrote:
I share Williams concern that this makes mod_forensic potentially less
useful.
Maybe making the forensic log mode 600 by default would be a better
idea?
I have to agree with Jeff. I would rather have a more difficult or even
impossible
On 6/7/2012 3:11 PM, Stefan Fritsch wrote:
On Thursday 07 June 2012, Eric Covener wrote:
On Wed, Jun 6, 2012 at 9:15 PM, Jeff Trawick traw...@gmail.com
wrote:
On Wed, Jun 6, 2012 at 3:49 PM, Joe Schaefer
joe_schae...@yahoo.com wrote:
Session cookies sometimes pose a security risk as well.