Joe Orton wrote:
On Wed, Aug 03, 2005 at 09:41:43AM -0400, Daniel J Walsh wrote:
>Joe Orton wrote:
>
>
>>Expected Results: I would expect the default policy to allow proxying and
>>Message is not explicit and I had to search a long time to understand....
>>
>>Additional info:
>>
>>
>>
>>
>>
>We could allow apache to connect to apache ports by default, if that
>would satisfy this.
>
>
No, when mod_proxy is used as a generic HTTP proxy (a not entirely
uncommon configuration) it needs to be able to connect to any remote
port on any remote address.
joe
Defaulting apache to can_network_connect_any=1 could allow a subverted
apache web server to be setup as a spammer, or a launch site for further
attacks. So I don't think this would be a good idea.
--