sön 2009-08-16 klockan 18:20 +1200 skrev Amos Jeffries:
> Henrik Nordstrom wrote:
> > ------------------------------------------------------------
> > revno: 9907
> > committer: Henrik Nordstrom <henrik_at_henriknordstrom.net>
> > branch nick: trunk
> > timestamp: Sat 2009-08-15 14:56:39 +0200
> > message:
> > Add 0.0.0.0 as an to_localhost address
> >
> > Many TCP/IP(v4) stacks aliases 0.0.0.0 as 127.0.0.1.
> > modified:
> > src/cf.data.pre
> >
>
> Can you clue me in on this one please Henrik?
See the note next to where to_localhost is used:
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
> Why/What broken remote external clients are sending the reserved
> ANY_ADDR as the public global-scope destination? This seems to me akin
> to connecting a remote servers port 0.
Any client requesting a host that resolves to 0.0.0.0 or that IP
explicitly.
> Side-note: How can we expect wildcard port bindings to work on those
> machines when the ANY_ADDR (wildcard) IP is aliased to localhost-only?
Not sure what you see as a problem.
connect(0.0.0.0:80)
and
connect(127.0.0.1:80)
is the same thing on many OS:es for stupid historic reasons.
and this acl is for blocking clients trying to make the proxy connect to
127.0.0.1.
Regards
Henrik
Received on Sun Aug 16 2009 - 06:48:48 MDT
This archive was generated by hypermail 2.2.0 : Sun Aug 16 2009 - 12:00:08 MDT