使用Apache mod_proxy的风险
[英]Risk of using Apache mod_proxy
问题描述
I am now exploring to use Apache's mod_proxy's directive, eg ProxyPass, as part of solution for cross-domain scripting restriction (for html/ajax/flash code). 
我现在正在探索使用Apache的mod_proxy指令,例如ProxyPass,作为跨域脚本限制(对于html / ajax / flash代码)的解决方案的一部分。 However, I am afraid by enabling mod_proxy, I would risk having the server as open proxy. 但是,我担心通过启用mod_proxy,我会冒险将服务器作为开放代理。
What's the risk, and how to minimize the risk, in short? 简而言之,风险是什么,以及如何最大限度地降低风险?
Thanks. 谢谢。
2 个解决方案
解决方案1
9 已采纳 2009-05-04 14:26:18
Since you specifically mentioned ProxyPass, I'll assume you're using mod_proxy as a reverse proxy. 由于您特别提到了ProxyPass,我假设您使用mod_proxy作为反向代理。
If that's the case, just make sure ProxyRequests is off. 如果是这种情况,请确保关闭ProxyRequests。 It isn't needed for reverse proxies. 反向代理不需要它。
In a forward proxy configuration, if you were to enable ProxyRequests without setting access restrictions (ie, which hosts/networks are allowed to use the proxy) you could very easily wind up with an open proxy. 在正向代理配置中,如果要在不设置访问限制的情况下启用ProxyRequests(即,允许哪些主机/网络使用代理),您可以非常轻松地使用开放代理。
See the mod_proxy documentation for more info. 有关详细信息,请参阅mod_proxy文档 。
解决方案2
4 2009-05-04 14:27:01
Just make sure to set ProxyRequests to Off : 只需确保将ProxyRequests设置为Off :
This prevents Apache from acting as a forward proxy server (which is where the concern about an open proxy comes in), but does not affect its use as a reverse proxy using ProxyPass 这可以防止Apache充当转发代理服务器(这是关于开放代理的问题),但不会影响它作为使用ProxyPass的反向代理的用途
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.