- add note here in light of CVE-2011-3368
author Joe Orton <jorton@apache.org>
Wed, 5 Oct 2011 15:40:08 +0000 (15:40 +0000)
committer Joe Orton <jorton@apache.org>
Wed, 5 Oct 2011 15:40:08 +0000 (15:40 +0000)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1179272 13f79535-47bb-0310-9956-ffa450edef68

docs/manual/mod/mod_proxy.xml

index 0254f29561dc8b4251ddfc0562b50ec114a1b068..d694301e4ae471adfde8a42f596c24f522aaa4b1 100644 (file)
@@ -1220,6 +1220,15 @@ expressions</description>
     <p>If you require a more flexible reverse-proxy configuration, see the
     <directive module="mod_rewrite">RewriteRule</directive> directive with the
     <code>[P]</code> flag.</p>
+
+    <note type="warning">
+      <title>Security Warning</title>
+      <p>Take care when constructing the target URL of the rule, considering
+        the security impact from allowing the client influence over the set of
+        URLs to which your server will act as a proxy.  Ensure that the scheme
+        and hostname part of the URL is either fixed, or does not allow the
+        client undue influence.</p>
+    </note>
 </usage>
 </directivesynopsis>
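Review bot: The added warning note states the rule ("Ensure that the scheme and hostname part of the URL is either fixed, or does not allow the client undue influence") without showing what a conforming or non-conforming target URL looks like, so a reader cannot tell from this text alone whether their existing pattern is affected. Suggest adding a short example pair inside the note: one target where the scheme and hostname are literal and only the path comes from the match, and one where matched client input can reach the hostname portion. "Undue influence" is also left undefined; a sentence saying that backreferences should only ever populate the path component after a fixed scheme://host/ prefix would make it actionable. The context paragraph just above the note points readers to RewriteRule with the [P] flag as the more flexible alternative, so consider whether this warning should be repeated or cross-referenced there as well. Minor grammar: "the scheme and hostname part of the URL is" reads better as "the scheme and hostname parts of the URL are". The commit message cites CVE-2011-3368 but the note itself does not; referencing the advisory in the documentation would give readers a pointer to the background.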