Chuck Murcko wrote: > It has been suggested to me by some folks I work with that it would make > sense to add a ReverseProxy on/off directive to 2.0 mod_proxy. I agree > that it seems to make sense from both a security and Law of Least > Astonishment standpoint, but it would affect the default config and/or > doc of several other modules (rewrite and ssl are a couple). > > So what do you think? > > Chuck > >
don't you need to explictly reverse proxy a certain location? is there any way of doing a reverse proxy without it ? (short of writing a custom module?) so from a security point of view I'm not sure it's required, if someone doesn't understand what a line does in his configuration (which he must have added as it isn't in there by default) can you add rewrite rules & proxypass to a .htaccess file ? if so then sure put in a no proxyreverse directive. otherwise.. not sure if it is required.
