author: Joe Orton <jorton@apache.org> 2011-10-05 17:43:18 +0200
committer: Joe Orton <jorton@apache.org> 2011-10-05 17:43:18 +0200
commit: f607ef5e5c3156faedf91740aacc5b1b95e7f580
tree: 0501a2ec5b72357d976333f4536ecd7b6d6e6c4a /docs/manual
- add note here in light of CVE-2011-3368
- `build.sh all`
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1179273 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs/manual')
-rw-r--r-- docs/manual/mod/mod_proxy.html.en | 9
-rw-r--r-- docs/manual/mod/mod_proxy.xml.ja | 2
-rw-r--r-- docs/manual/rewrite/flags.html.en | 11
3 files changed, 20 insertions, 2 deletions
diff --git a/docs/manual/mod/mod_proxy.html.en b/docs/manual/mod/mod_proxy.html.en
index 60ece22151..625cfe1c0c 100644
--- a/docs/manual/mod/mod_proxy.html.en
+++ b/docs/manual/mod/mod_proxy.html.en
@@ -1393,6 +1393,15 @@ through</td></tr>
<code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> directive with the
<code>[P]</code> flag.</p>
+ <div class="warning">
+ <h3>Security Warning</h3>
+ <p>Take care when constructing the target URL of the rule, considering
+ the security impact from allowing the client influence over the set of
+ URLs to which your server will act as a proxy. Ensure that the scheme
+ and hostname part of the URL is either fixed, or does not allow the
+ client undue influence.</p>
+ </div>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ProxyPassReverse" id="ProxyPassReverse">ProxyPassReverse</a> <a name="proxypassreverse" id="proxypassreverse">Directive</a></h2>
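Review bot: the closing sentence of the new warning ("Ensure that the scheme and hostname part of the URL is either fixed, or does not allow the client undue influence") leaves "undue influence" undefined, so a reader cannot tell which rule shapes are acceptable. Suggest saying concretely that back-references and other client-derived values should appear only after the "/" that ends the hostname in the target URL, and pointing to the [P] flag example in rewrite/flags.html for a correct form. Minor wording: "the scheme and hostname part ... is" should read "the scheme and hostname parts ... are".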
diff --git a/docs/manual/mod/mod_proxy.xml.ja b/docs/manual/mod/mod_proxy.xml.ja
index 9300953f39..6e2035d3f0 100644
--- a/docs/manual/mod/mod_proxy.xml.ja
+++ b/docs/manual/mod/mod_proxy.xml.ja
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 344971:1170273 (outdated) -->
+<!-- English Revision: 344971:1179272 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
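Review bot: only the "English Revision" comment changes in mod_proxy.xml.ja, and it stays marked "(outdated)", so the Japanese manual page still lacks the security warning that the English page gains in this commit. That is consistent with a regeneration pass, but a security note is worth a follow-up translation rather than waiting for the next general sync.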
diff --git a/docs/manual/rewrite/flags.html.en b/docs/manual/rewrite/flags.html.en
index 08842b23e1..c3591bb5d6 100644
--- a/docs/manual/rewrite/flags.html.en
+++ b/docs/manual/rewrite/flags.html.en
@@ -483,7 +483,7 @@ example, if you wanted all image requests to be handled by a back-end
image server, you might do something like the following:</p>
<div class="example"><p><code>
-RewriteRule (.*)\.(jpg|gif|png) http://images.example.com$1.$2 [P]
+RewriteRule /(.*)\.(jpg|gif|png) http://images.example.com/$1.$2 [P]
</code></p></div>
<p>Use of the [P] flag implies [L] - that is, the request is immediately
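Review bot: the corrected pattern in the "+RewriteRule" line is still unanchored, so "/(.*)\.(jpg|gif|png)" can match anywhere inside the request string and also matches when text follows the extension. The added "/" after images.example.com is the important fix, since it keeps $1 out of the hostname part of the target, but the documentation example would model the advice better as "^/(.*)\.(jpg|gif|png)$", which makes explicit that only request paths starting with "/" and ending in an image extension are proxied.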
@@ -498,6 +498,15 @@ error from the proxy module. Use this flag to achieve a
more powerful implementation of the <code class="directive"><a href="../mod/mod_proxy.html#proxypass">ProxyPass</a></code> directive,
to map remote content into the namespace of the local server.</p>
+<div class="warning">
+<h3>Security Warning</h3>
+<p>Take care when constructing the target URL of the rule, considering
+the security impact from allowing the client influence over the set of
+URLs to which your server will act as a proxy. Ensure that the scheme
+and hostname part of the URL is either fixed, or does not allow the
+client undue influence.</p>
+</div>
+
<p>Note: <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> must be enabled in order
to use this flag.</p>
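Review bot: the warning added here sits a few paragraphs below the image-server example but does not refer to it, so the reader is not told that the "/" between the hostname and $1 in that example is what keeps the hostname fixed. Suggest adding one sentence that ties the two together, for instance that in "http://images.example.com/$1.$2" the scheme and hostname are literal and the back-references are confined to the path. The text is otherwise identical to the warning in mod_proxy.html.en, so any wording change should be made in the XML sources for both pages.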