At 13:50 22/09/00 -0400, Rick Murphy wrote:
>At 04:21 PM 9/22/2000 +0200, mouss wrote:
>>What is the risk if he forwards all traffic to his web server? (provided
>>he denies all but http).
>
>The http-gw supports a CONNECT verb (this is used for SSL support).
>I don't remember if CONNECT handling uses the forwarding code or not; if
>not, then that's a wide open pipe to anywhere.
>
right!
both "connect" and "secure" are handled directly, without usingthe
"forward" config.
He might however do a deny destination to only allow access to the web server.
but the plug is better.
(if the server supports HTTP/1.1, then the plu has another advantage over
the http-gw)
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
