On Tue, Feb 3, 2009 at 7:38 AM, Eric B. <ebe...@hotmail.com> wrote: > Is there any documentation / howtos available for securely setting up > mod_proxy_http and/or mod_proxy_ajp with tomcat? The little that I > know/remember about mod_proxy_http is that if you're not careful, you can > end up with some major security holes in your installation.
Do you have any references to substantiate that? Because a quick google turns up *one* reference to a DoS attack vulnerability in Apache httpd 2.0 -- which requires the "attacker" to *own* the system being proxied to, an unlikely scenario IMHO. And for the record I prefer mod_proxy_http because I can monitor all active production connectors with standard http requests using e.g. Nagios, as well as manually check with a browser. So I'd definitely be interested in hearing more about any other known vulnerabilities. H* -- Hassan Schroeder ------------------------ hassan.schroe...@gmail.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
