On Fri, Aug 05, 2005 at 02:49:37PM -0400, Daniel J Walsh wrote:
Joe Orton wrote:
>No, when mod_proxy is used as a generic HTTP proxy (a not entirely
>uncommon configuration) it needs to be able to connect to any remote
>port on any remote address.
>
>
Defaulting apache to can_network_connect_any=1 could allow a subverted
apache web server to be setup as a spammer, or a launch site for further
attacks. So I don't think this would be a good idea.
Currently the following is known to be broken in the default
configuration:
1) web applications which connect to remote {my,postgre}SQL databases
(and similarly, I guess, the Apache SQL-based-authentication modules)
2) all mod_proxy configurations (reverse proxy, forward proxy)
3) the parent connect()-to-listening-port "reap idle children"
interface, which has the impact:
a) one log message written to error_log per second when the server
acquiesces after a period of above-normal load and tries to reap idle
children
b) graceful restart does not work properly
The above all represent important functionality.
I'm not convinced that the security vs usability tradeoff is being won
in favour of enabling the boolean by default.
Regards,
joe