You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/07/26 12:24:39 UTC
DO NOT REPLY [Bug 11201] New: -
Build static mod_rewrite and mod_proxy has proxy vulnerability
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11201>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11201
Build static mod_rewrite and mod_proxy has proxy vulnerability
Summary: Build static mod_rewrite and mod_proxy has proxy
vulnerability
Product: Apache httpd-1.3
Version: 1.3.26
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Other
Component: Build
AssignedTo: bugs@httpd.apache.org
ReportedBy: holger.manthey@bertelsmann.de
Configure apache with somethong like
./configure --enable-module=proxy --enable-module=rewrite ...
results in:
httpd -l
...
mod_rewrite.c
mod_proxy.c
...
This is because the default src/Configuration.tmpl contains first mod_rewrite
then mod_proxy. When using the proxy features with apache you can't deny the
usage with RewriteRules and everyone is able to use this proxy.
The Solution is build the server dynamic or change the moduleorder in
src/Configuration.tmpl
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org