On 9/20/07, Deryck Hodge <[EMAIL PROTECTED]> wrote: > > A quick Google search turns up that this is indeed easily configurable > for both Squid and mod_proxy and the defaults look sane.
What are those defaults?. My google-foo is very low today, and I only arrived at the squid FAQ[1], which says "We must note that access controls based on this header are extremely weak and simple to fake. Anyone may hand-enter a request with any IP address whatsoever[...]". And the mod_proxy page dind't help either, it just says: "Be careful when using these headers on the origin server, since they will contain more than one (comma-separated) value if the original request already contained one of these headers." [1]http://wiki.squid-cache.org/SquidFaq/ConfiguringSquid#head-3518b69c63e221cc3cd7885415e365ffaf3dd27f [2]http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#x-headers -- Leo Soto M. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
