On Tue, Feb 3, 2009 at 7:38 AM, Eric B. <[email protected]> wrote: > Is there any documentation / howtos available for securely setting up > mod_proxy_http and/or mod_proxy_ajp with tomcat? The little that I > know/remember about mod_proxy_http is that if you're not careful, you can > end up with some major security holes in your installation.
Do you have any references to substantiate that? Because a quick google turns up *one* reference to a DoS attack vulnerability in Apache httpd 2.0 -- which requires the "attacker" to *own* the system being proxied to, an unlikely scenario IMHO. And for the record I prefer mod_proxy_http because I can monitor all active production connectors with standard http requests using e.g. Nagios, as well as manually check with a browser. So I'd definitely be interested in hearing more about any other known vulnerabilities. H* -- Hassan Schroeder ------------------------ [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
