>Number: 5337 >Category: mod_proxy >Synopsis: ProxyRemote isn't exclusive >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Thu Nov 18 12:10:03 PST 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.9 >Environment: Linux 2.2.15, RedHat 6.1 i386 >Description: I have the following ProxyRemote * http://host:port/ NoProxy .intranet.domain www.hostname www.hostname2
The intenet is that *only* machines in the .intranet.domain and those specificly listed be available to proxy users (I'm chaining proxy servers, and want to limit access on the local end of the link). In this case, if the ProxyRemote host isn't listening on the port, the local proxy connects directly to the site even if it *isn't* in the NoProxy line after printing an error for connection refused if the ProxyRemote service isn't up. >How-To-Repeat: Add a ProxyRemote line for everything pointing to localhost on a port that isn't being serviced. Add a NoProxy statement for a limited set of machines, then use the proxy to connect to something not in the NoProxy list. >Fix: Not at this time. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, you need] [to include <[EMAIL PROTECTED]> in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
