On Friday 14 September 2001 11:02 am, Bill Stoddard wrote:
> Browser hits an Apache server through a firewall with a request like this:
>
> GET /manual HTTP/1.0
>
> manual is a directory which results in the server issuing a redirect thusly
>
> HTTP/1.1 301 Moved Permanently> Date: Fri, 14 Sep 2001 17:37:22 GMT
> Server: Apache/1.3.20 (Unix)
> Location: http://origin_server/manual/
> Connection: close
> Content-Type: text/html; charset=iso-8859-1
>
> The origin server sits behind a firewall. The problem is that the Location
> header field contains the origin server name, not the name of the firewall,
> which is a bit of a security exposure.
>
> I really have no good ideas on how to prevent the location header field
> from having the origin_server name/address. Thoughts?
This is a config error. Just set ServerName in the config file, and the server
will do the right thing. You _may_ also need to set UseCannonicalName.
Ryan
______________________________________________________________
Ryan Bloom [EMAIL PROTECTED]
Covalent Technologies [EMAIL PROTECTED]
--------------------------------------------------------------
