On Fri, Oct 24, 2008 at 3:13 AM, Tim Wintle <[EMAIL PROTECTED]> wrote: > (2) is the proxy prevented from hitting local addresses like localhost > or should I configure rewrite conditions against such an address (to > prevent access to server status pages etc) - haven't really got anything > to test against on this box.
No. The proxy shipped with java shindig is completely insecure. Don't use it for anything except testing and prototyping. To make it secure you need to 1) set up an HTTP proxy with access to the internet, not your internal network. Squid would work for this. 2) write an HttpFetcher subclass that uses the proxy. We should have some sample code for this in Java shindig, but we don't. I think the PHP shindig has it already.
