In the guide there's a cookie-cutter example on setting up a proxy in front of
the Perl server. In it there's a critical rule that blocks incoming proxy
requests so the only use of the proxy should be the intended use from rewrite
rules. That rule is absolutely critical, otherwise your server can be used as
an anonymous redirector for hacking attacks, and it can often be exploited to
bypass your firewall.

I don't think the rule in the example works. At least on one server, if I
telnet to its external interface and give a proxy request, it tries to contact
the external site (and times out because of the firewall). There are lots of
errors in the error_log from people trying to use this server as a proxy
server.

This is very frightening. Have other people actually tested this rule and know
it works in some circumstances?

The rule in question is:

RewriteRule          ^(http|ftp)://.*          -  [F]

I had it in a virtual server definition, which strikes me as odd, but even when
I duplicate it outside the virtual server it still doesn't have any effect.

Curiously, most of these attempts come from caches like skycache etc. Either
there's a particular manner in which these caches operate that make them try
this, or hackers are trying to build multiple levels of indirection for
attacks.

-- 
greg
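
The telnet check described in the post, automated, as an added example that is not part of the original message or of the Apache rewrite guide it refers to. It sends a forward-proxy style request (an absolute URI in the request line instead of a path) to a server and reports whether the server refused it with HTTP 403, which is what a RewriteRule with the [F] flag returns, or behaved like a proxy. The host names, port and upstream URL are placeholders to be replaced with your own; the response bytes in the test are constructed.

```python
"""Open-proxy probe: reproduce the hand-typed telnet test against a server.

Added example, not code from the original post. Host names and URLs passed
in are placeholders chosen by the caller.
"""
import socket
from typing import Optional
from urllib.parse import urlparse


def build_proxy_request(target_url: str, host_header: str) -> bytes:
    """Build the raw request a proxy client sends: the request line carries an
    absolute URI (http://host/path) rather than just a path."""
    return (
        f"GET {target_url} HTTP/1.0\r\n"
        f"Host: {host_header}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")


def parse_status(response: bytes) -> Optional[int]:
    """Return the numeric status code from a raw HTTP response, or None if the
    first line is not an HTTP status line."""
    status_line = response.split(b"\r\n", 1)[0]
    parts = status_line.split()
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        return None
    return int(parts[1]) if parts[1].isdigit() else None


def classify(status: Optional[int], timed_out: bool) -> str:
    """Map the outcome of one probe to a verdict a practitioner can act on."""
    if timed_out:
        # Same symptom the post describes: the server tried to reach the
        # upstream host on our behalf and hung on the outbound firewall.
        return "timeout: the server tried to proxy the request"
    if status == 403:
        return "refused (403): the deny rule fired"
    if status is None:
        return "no HTTP reply: connection dropped or not an HTTP server"
    if 200 <= status < 300:
        # A 2xx alone is not proof of relaying: a non-proxying server may
        # serve its own content for the path part of the URI.
        return "2xx: inspect the body to confirm it came from the upstream site"
    return f"status {status}: proxying refused or request not understood"


def probe(server: str, port: int, upstream_url: str, timeout: float = 5.0) -> str:
    """Connect to server:port, send a proxy request for upstream_url and
    classify the reply. Needs network access; nothing here is cached."""
    request = build_proxy_request(upstream_url, urlparse(upstream_url).netloc)
    chunks = []
    try:
        with socket.create_connection((server, port), timeout=timeout) as sock:
            sock.sendall(request)
            while True:
                data = sock.recv(4096)
                if not data or sum(len(c) for c in chunks) > 65536:
                    break
                chunks.append(data)
    except socket.timeout:
        # Ordered before OSError: socket.timeout is a subclass of it.
        return classify(None, timed_out=True)
    except OSError as exc:
        return f"connection failed: {exc}"
    return classify(parse_status(b"".join(chunks)), timed_out=False)


if __name__ == "__main__":
    import sys

    # Usage (placeholders): python probe.py www.example.org 80 http://www.example.net/
    print(probe(sys.argv[1], int(sys.argv[2]), sys.argv[3]))
```

Run it from outside your network, against the external interface, once with the rewrite rule in place and once without, so you can see the 403 appear; a timeout or relayed content means the rule is not taking effect for that request. Independently of any rewrite rule, mod_proxy's own `ProxyRequests Off` directive disables forward proxying outright while leaving ProxyPass-style reverse proxying available, and is the setting to confirm alongside this probe (that directive is mentioned here as an added note, not something the post itself discusses).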
