Michael Miller wrote:
> However, with the httpd_accel_with_proxy option turned on, it works.
>
> I'll check RFC 2616 but can you tell me why the option is available if it
> should not be used. More so, why is the default in contravention of the RFC?
httpd_accel_with_proxy and httpd_accel_uses_host_header defaults to off
from important security reasons. If you enable either of these then you
MUST set up access control to limit proxying to you servers, or people
can use your reverseproxy to as a proxy to reach any site, not only the
ones you are "accelerating".
-- Henrik Nordstrom Squid HackerReceived on Tue Dec 14 1999 - 16:12:28 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:49:54 MST