WebApp Sec mailing list archives
RE: Reverse Proxy and Link Encoding
From: Michael Naef <michael.naef () inf ethz ch>
Date: Thu, 5 Jun 2003 17:09:24 +0200 (MEST)
Hi Lluis
handling FORMs might be a problem: In a link you know that all the parameters will be the same when the user hits the link (unless javascript is used to modify URLs), so you can store them in a database and then match the proxy code to the URL with parameters and forward that. But in forms, you can have user-dependent data such as "text" inputs that you can not remove from the page sent to the client - so you are forced to accept data from a client (unless you want to strip forms out of the application...). Any thoughts on how this could be accomplished with yor proposed scheme?
You are right. Such a proxy would be rather restrictive. Forms would not be supported and maybe other web functionality as well -- it is quite likely that I have not thought of all the consequences yet. However, plain basic web browsing would be possible -- enough to read regular web pages, manuals, or do HTTP downloads etc. (BTW: That is what I meant to express with the paragraph quoted below from my original post.) Regards myke.
-----Mensaje original----- De: Michael Naef [mailto:michael.naef () inf ethz ch]
[...]
I am aware that such a proxy is quite prohibitive with regard to browsing the web. However, it can be useful in environments that must prevent potentially hostile traffic (e.g. "hacked" URLs, malformed POST data etc.) to leave to the Internet and still allow basic browsing capabilities.
[...]
Current thread:
- Reverse Proxy and Link Encoding Michael Naef (Jun 01)
- RE: Reverse Proxy and Link Encoding Lluis Mora (Jun 03)
- RE: Reverse Proxy and Link Encoding Michael Naef (Jun 05)
- Re: Reverse Proxy and Link Encoding security lists (Jun 05)
- <Possible follow-ups>
- RE: Reverse Proxy and Link Encoding Amit Klein (Jun 05)
- RE: Reverse Proxy and Link Encoding Amit Klein (Jun 09)
- RE: Reverse Proxy and Link Encoding Bill Burge (Jun 09)
- Re: Reverse Proxy and Link Encoding Death Star (Jun 13)
- RE: Reverse Proxy and Link Encoding Lluis Mora (Jun 03)