Juha Heinanen wrote:
Klaus Darilion writes:
> - the proxy known that it is responsible for the host/IP in the Route
> header (by default these are the IP addresses openser is listening
> on.
klaus,
how do you test that there is only one route in the predefined route
set? if there is more, they could be used to bypass your security
checks for the initial request.
I do test for totag in the loose_route section.
regards
klaus
_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users
