On Friday 14 September 2001 11:40 am, Justin Erenkrantz wrote:
> On Fri, Sep 14, 2001 at 11:26:37AM -0700, Aaron Bannert wrote:
> > If anything, this is a really minor security hole. If an attacker can
> > get into your system merely by knowing the internal names/IPs or your
> > servers then you are in trouble. Either do what Ryan said (for HTTP/1.0),
> > or set up a virtual-host to accept the name that brought the requests
> > to the firewall (really, it's just a proxy) in the first place (if you
> > don't care about <HTTP/1.1 requests, which is how it works in practice).
>
> No, this is a functional error because the browser will use the location
> field to get the next request (which is not resolvable from the outside
> in most cases with a firewall). Oops.
This is not a functional error, it is a config error. The origin server can
NOT know what the proxy's server name is, unless it is in the config file.
If the config is fixed, the problem will go away.
Ryan
______________________________________________________________
Ryan Bloom [EMAIL PROTECTED]
Covalent Technologies [EMAIL PROTECTED]
--------------------------------------------------------------
