Commit f8a11311 authored by Joe Orton's avatar Joe Orton
Browse files

- add note here in light of CVE-2011-3368 


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1179272 13f79535-47bb-0310-9956-ffa450edef68
parent b10aeb17

docs/manual/mod/mod_proxy.xml

+9 −0
Original line number Diff line number Diff line
@@ -1220,6 +1220,15 @@ expressions</description> 
    <p>If you require a more flexible reverse-proxy configuration, see the

    <directive module="mod_rewrite">RewriteRule</directive> directive with the

    <code>[P]</code> flag.</p>



    <note type="warning">

      <title>Security Warning</title>

      <p>Take care when constructing the target URL of the rule, considering

        the security impact from allowing the client influence over the set of

        URLs to which your server will act as a proxy.  Ensure that the scheme

        and hostname part of the URL is either fixed, or does not allow the

        client undue influence.</p>

    </note>

</usage>

</directivesynopsis>