WebApp Sec mailing list archives

Re: Security using Apache module


From: Ivan Ristic <ivanr () webkreator com>
Date: Fri, 19 Mar 2004 09:38:50 +0000

stevenr () mastek com wrote:
Hi all

I have indeed got a host of ideas from all the replies here. Since quite
a few have mentioned closing Box2 access other than from Box1, I would
like to clarify about this. The 3rd party tool hosted on Box2 requires
direct connection to the client browser as the (#$%#$^$) server
generates a response depending on the type of User Agent accessing it.
If I use mod_proxy or a servlet wrapper as some suggested, I am unsure
of how the tool will behave. Also no proper documentation is available
about whether it uses any other headers (nothing unusual about this I guess
;) ), so I can't risk putting in a User Agent header myself.

  I don't think you'll have a problem: use the User-Agent header
  you get at Box1 in the request you send to Box2. And if you think
  it can help - copy other headers from the original request too.

--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]
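
The header copying suggested in the reply above, as an added example that is not part of the original message or of any poster's code: a Python function that builds the header set a forwarding wrapper on Box1 would send to Box2, passing User-Agent and the other end-to-end headers through unchanged and dropping hop-by-hop ones. The function name, host names, addresses, and the choice to rewrite Host and append X-Forwarded-For are assumptions.

```python
# Added example: header handling for a Box1 -> Box2 forwarding wrapper.
# Hop-by-hop headers (RFC 7230 section 6.1) describe a single connection
# and are not relayed; everything else, User-Agent included, is copied.
HOP_BY_HOP = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailer", "transfer-encoding", "upgrade",
}

def build_upstream_headers(client_headers, client_ip, upstream_host):
    """Return the (name, value) list Box1 sends to Box2 for one request.

    client_headers: (name, value) pairs exactly as received at Box1.
    client_ip:      peer address of the browser's connection to Box1.
    upstream_host:  host[:port] of Box2 (hypothetical in the sample).
    """
    # Header names the client listed in Connection are hop-by-hop as well.
    listed = set()
    for name, value in client_headers:
        if name.lower() == "connection":
            listed.update(t.strip().lower() for t in value.split(",") if t.strip())

    out, chain = [], []
    for name, value in client_headers:
        lname = name.lower()
        if lname in HOP_BY_HOP or lname in listed or lname == "host":
            continue  # Host is replaced below with Box2's own name
        if lname == "x-forwarded-for":
            chain.append(value)  # client-supplied, so Box2 must not trust it
            continue
        out.append((name, value))  # User-Agent, Accept, Cookie, ... unchanged

    out.append(("Host", upstream_host))
    out.append(("X-Forwarded-For", ", ".join(chain + [client_ip])))
    return out

# Constructed sample request as seen at Box1.
SAMPLE = [
    ("Host", "box1.example.com"),
    ("User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"),
    ("Accept-Language", "en-us"),
    ("Connection", "Keep-Alive, X-Debug"),
    ("Keep-Alive", "300"),
    ("X-Debug", "1"),
]

if __name__ == "__main__":
    for n, v in build_upstream_headers(SAMPLE, "192.0.2.10", "box2.internal:8080"):
        print(f"{n}: {v}")
```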

