WebApp Sec mailing list archives
Re: Security using Apache module
From: Ivan Ristic <ivanr () webkreator com>
Date: Fri, 19 Mar 2004 09:38:50 +0000
stevenr () mastek com wrote:
Hi all, I have indeed got a host of ideas from all the replies here. Since quite a few have mentioned closing Box2 access other than from Box1, I would like to clarify about this. The 3rd party tool hosted on Box2 requires direct connection to the client browser as the (#$%#$^$) server generates a response depending on the type of User Agent accessing it. If I use mod_proxy or a servlet wrapper as some suggested, I am unsure of how the tool will behave. Also no proper documentation is available about whether it uses any other headers (nothing unusual about this, I guess ;) ), so I can't risk putting in a User Agent header myself.
I don't think you'll have a problem: use the User-Agent header you get at Box1 in the request you send to Box2. And if you think it can help - copy other headers from the original request too.

--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]
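The header copying suggested in the reply above, as an added example that is not part of the original post or of any tool named in the thread: Box1 passes the browser's User-Agent and other end-to-end headers to Box2 unchanged, and drops the hop-by-hop headers that must not cross a proxy. The function name `upstream_headers`, the host `box2.internal`, and the sample request are assumptions made for illustration.

```python
# Added example: build the header list for the Box1 -> Box2 request
# from the headers the browser sent to Box1.

# Hop-by-hop headers (RFC 7230 section 6.1, plus the legacy Proxy-Connection).
HOP_BY_HOP = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "proxy-connection", "te", "trailer", "transfer-encoding", "upgrade",
}

# Constructed sample: a browser request as it might arrive at Box1.
SAMPLE = [
    ("Host", "www.example.com"),
    ("User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"),
    ("Accept-Language", "en-us"),
    ("Connection", "Keep-Alive, X-Debug"),
    ("Keep-Alive", "300"),
    ("X-Debug", "1"),
    ("X-Forwarded-For", "10.9.9.9"),
]

def upstream_headers(client_headers, backend_host, client_ip):
    """Return the (name, value) pairs Box1 should send to Box2.

    backend_host is the Host value Box2 expects (hypothetical name here);
    client_ip is the browser's address as seen by Box1.
    """
    # Names listed in the client's Connection header are hop-by-hop as well.
    listed = set()
    for name, value in client_headers:
        if name.lower() == "connection":
            listed.update(t.strip().lower() for t in value.split(",") if t.strip())
    # Host and X-Forwarded-For are set by Box1 itself (a design choice of this
    # example), so client-supplied copies are discarded.
    drop = HOP_BY_HOP | listed | {"host", "x-forwarded-for"}

    out = []
    for name, value in client_headers:
        # Skip anything containing CR/LF so a value cannot add header lines.
        if any(c in name + value for c in "\r\n"):
            continue
        if name.lower() not in drop:
            out.append((name, value))  # User-Agent, Accept-*, Cookie pass unchanged
    out.append(("Host", backend_host))
    out.append(("X-Forwarded-For", client_ip))
    return out

if __name__ == "__main__":
    for header in upstream_headers(SAMPLE, "box2.internal", "192.0.2.10"):
        print("%s: %s" % header)
```

Because the User-Agent value reaches Box2 byte-for-byte, a backend that varies its response by browser type sees the same string it would see on a direct connection.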