<code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> directive with the
<code>[P]</code> flag.</p>
+ <div class="warning">
+ <h3>Security Warning</h3>
+ <p>Take care when constructing the target URL of the rule, considering
+ the security impact from allowing the client influence over the set of
+ URLs to which your server will act as a proxy. Ensure that the scheme
+ and hostname part of the URL is either fixed, or does not allow the
+ client undue influence.</p>
+ </div>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ProxyPassReverse" id="ProxyPassReverse">ProxyPassReverse</a> <a name="proxypassreverse" id="proxypassreverse">Directive</a></h2>
<p>If you require a more flexible reverse-proxy configuration, see the
<directive module="mod_rewrite">RewriteRule</directive> directive with the
<code>[P]</code> flag.</p>
+
+ <note type="warning">
+ <title>Security Warning</title>
+ <p>Take care when constructing the target URL of the rule, considering
+ the security impact from allowing the client influence over the set of
+ URLs to which your server will act as a proxy. Ensure that the scheme
+ and hostname part of the URL is either fixed, or does not allow the
+ client undue influence.</p>
+ </note>
</usage>
</directivesynopsis>
image server, you might do something like the following:</p>
<div class="example"><p><code>
-RewriteRule (.*)\.(jpg|gif|png) http://images.example.com$1.$2 [P]
+RewriteRule /(.*)\.(jpg|gif|png) http://images.example.com/$1.$2 [P]
</code></p></div>
<p>Use of the [P] flag implies [L] - that is, the request is immediately
more powerful implementation of the <code class="directive"><a href="../mod/mod_proxy.html#proxypass">ProxyPass</a></code> directive,
to map remote content into the namespace of the local server.</p>
+<div class="warning">
+<h3>Security Warning</h3>
+<p>Take care when constructing the target URL of the rule, considering
+the security impact from allowing the client influence over the set of
+URLs to which your server will act as a proxy. Ensure that the scheme
+and hostname part of the URL is either fixed, or does not allow the
+client undue influence.</p>
+</div>
+
<p>Note: <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> must be enabled in order
to use this flag.</p>
image server, you might do something like the following:</p>
<example>
-RewriteRule (.*)\.(jpg|gif|png) http://images.example.com$1.$2 [P]
+RewriteRule /(.*)\.(jpg|gif|png) http://images.example.com/$1.$2 [P]
</example>
<p>Use of the [P] flag implies [L] - that is, the request is immediately
module="mod_proxy">ProxyPass</directive> directive,
to map remote content into the namespace of the local server.</p>
+<note type="warning">
+<title>Security Warning</title>
+<p>Take care when constructing the target URL of the rule, considering
+the security impact from allowing the client influence over the set of
+URLs to which your server will act as a proxy. Ensure that the scheme
+and hostname part of the URL is either fixed, or does not allow the
+client undue influence.</p>
+</note>
+
<p>Note: <module>mod_proxy</module> must be enabled in order
to use this flag.</p>
projects / thirdparty / apache / httpd.git / commitdiff
