Sorry this is late - I lost the original email. I think reverse proxy is usable all the time - mod_rewrite uses it by generating an internal request. And you can put rewrite+reverse proxy rules (possibly using [P] flag) into .htaccess.
It's also conceptually less confusing to see adjacent default lines in the config ProxyPass off #forward proxy ReverseProxyPass on #reverse proxy Or whatever we call it. The default values are for compatibility with other modules. I've seen also several instances lately where sites thought they needed ProxyPass on for reverse proxy _ rewrite but did not, and had inadvertently been getting exploited as open forward proxies. The opposite case from the original security implications of reverse proxy always on. So at the least it's currently confusing, and could stand to be more clearly and configurably enabled. Chuck On Sunday, February 17, 2002, at 03:32 PM, Ian Holsman wrote: > Graham Leggett wrote: >> This is a cryptographically signed message in MIME format. >> --------------msCFE9391983F6F7937BC9AC92 >> Content-Type: text/plain; charset=us-ascii >> Content-Transfer-Encoding: 7bit >> Ian Holsman wrote: >>> In that case >>> +1 >>> ReverseProxyEngine On >>> ? >>> >> I still don't understand why it is required. >> Reverse proxy behaviour is switched on using ProxyPass, and as I >> understand it also by some magic in mod_rewrite. Adding another >> directive means to get reverse proxy behaviour you need to enable two >> directives instead of just one - which doesn't make sense. > > ok.. from my understanding: > you can write rewrite rules in a .htaccess file and they will be applied > you can use rewrite to initate a reverse-proxy connection. > so a unwilling administrator can open up his network by a malicious user > that has access to a 'userdirectory' or somesuch on the main webserver. > > Is this right chuck? > >> What are you trying to achieve using this directive? >> Regards, >> Graham > > >
