On Sat, 27 Oct 2007 22:56:47 -0700
Paul Querna <[EMAIL PROTECTED]> wrote:
> +0.5 in concept.
>
> -0.9 on enabling this by default in mod_includes. Make it possible to
> turn it on via httpd.conf, but never on by default....
That makes sense. In fact, the patch already accomplishes that,
in the sense that it requires explicit configuration of mod_proxy.
I used:
ProxyRequests On
<Proxy *>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Proxy>
And yes, if we enable it, we need an additional directive so that
it can be enabled without ProxyRequests, and the open invitation
for lusers to shoot themselves in the foot.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
