You are viewing a plain text version of this content. The canonical link for it is here.

Posted to docs@httpd.apache.org by "Roy T. Fielding" <fi...@gbiv.com> on 2006/10/28 19:11:48 UTC

Re: [Httpd Wiki] Update of "Recipes/TomcatReverseProxy" by megaspaz

On Oct 24, 2006, at 6:11 PM, Apache Wiki wrote:
> The following page has been changed by megaspaz:
> http://wiki.apache.org/httpd/Recipes/TomcatReverseProxy
>
> The comment on the change is:
> Added <Proxy> code block for situations where proxy forbidden  
> errors happen
>
> ---------------------------------------------------------------------- 
> --------
>
>   You can test to see that your proxy is working by accessing  
> http://localhost/webapps. You should see the default Tomcat  
> homepage. Note, that '''/webapps''' in the '''!ProxyPass''' and '''! 
> ReverseProxyPass''' lines can be whatever you want. You can use '''/ 
> foo''' if you want and you can access Tomcat with http://localhost/ 
> foo.
>
> + ***Note*** If you get proxy forbidden errors in your error log,  
> you can add the following code block below and restart Apache to  
> try to fix the error.
> +
> + {{{<Proxy *>
> +   Order deny,allow
> +   Allow from all
> + </Proxy>
> + }}}

Shouldn't this include some discussion of proxy access control and
the danger of open proxies?  Generally speaking, we should not recommend
such a config on any server accessible from the Internet.

....Roy

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

Re: [Httpd Wiki] Update of "Recipes/TomcatReverseProxy" by megaspaz

Posted by Joshua Slive <jo...@slive.ca>.

On 10/28/06, Roy T. Fielding <fi...@gbiv.com> wrote:

> > + ***Note*** If you get proxy forbidden errors in your error log,
> > you can add the following code block below and restart Apache to
> > try to fix the error.
> > +
> > + {{{<Proxy *>
> > +   Order deny,allow
> > +   Allow from all
> > + </Proxy>
> > + }}}
>
> Shouldn't this include some discussion of proxy access control and
> the danger of open proxies?  Generally speaking, we should not recommend
> such a config on any server accessible from the Internet.

It's actually ok because they put "ProxyRequests Off" earlier in the
example.  So the open config applies only to reverse proxy requests.

Joshua.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org