On Fri, Jul 11, 2008 at 2:20 AM, Karsten Beyer <[EMAIL PROTECTED]> wrote:
> Hi,
>
> what is the suggested strategy to prevent abuse of the open proxy at
> /gadgets/proxy? I found some old discussions from February about adding the
> IP address of the user as HTTP header. Some testing however showed that this
> is not yet implemented.
>
> Are there any plans to implement some kind of whitelist feature? More
> importantly: Are there any reasons against implementing such a feature?

You could always add a whitelist for outbound requests, but you'd have to do a custom HTTP fetcher implementation. The Java version is currently returning all proxied files as attachments, which has helped significantly with reducing the potential of /gadgets/proxy as a phishing vector or free Akamai.

>
> Best Regards,
>
> Karsten Beyer
> [EMAIL PROTECTED]
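An added example, not part of the original thread and not Shindig code: one way the outbound whitelist check mentioned in the reply could look before a custom fetcher issues a request. The class name `ProxyAllowlist` and the hosts are hypothetical, and wiring it into Shindig's fetcher interface is not shown.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Hypothetical helper (assumption, not a Shindig class): decides whether
// the proxy may fetch a requested URL, based on an exact-host allowlist.
public class ProxyAllowlist {
    private final Set<String> allowedHosts;

    public ProxyAllowlist(Set<String> allowedHosts) {
        this.allowedHosts = allowedHosts;
    }

    /** Returns true only if the URL is http(s) and its host is on the list. */
    public boolean permits(String rawUrl) {
        URI uri;
        try {
            uri = new URI(rawUrl);
        } catch (URISyntaxException e) {
            return false; // unparseable input is never fetched
        }
        String scheme = uri.getScheme();
        if (scheme == null
                || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            return false; // no file:, ftp:, or scheme-less input
        }
        String host = uri.getHost(); // null when the authority is not a plain host
        if (host == null || uri.getUserInfo() != null) {
            return false; // reject user@host forms that disguise the real host
        }
        // Exact match on the parsed host; substring or suffix matching on the
        // raw string would accept look-alike hosts.
        return allowedHosts.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed sample data for illustration only.
        ProxyAllowlist list = new ProxyAllowlist(
                Set.of("gadgets.example.com", "static.example.org"));
        String[] samples = {
            "HTTP://Gadgets.Example.COM/feed.xml",          // fetch
            "http://gadgets.example.com.other.example/x",   // reject
            "http://gadgets.example.com@other.example/x",   // reject
            "file:///etc/hosts",                            // reject
        };
        for (String s : samples) {
            System.out.printf("%-46s %s%n", s, list.permits(s) ? "fetch" : "reject");
        }
    }
}
```

If the fetcher follows redirects, the same check has to run on every redirect target, not only on the URL the client supplied.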

