From: Joe Orton Date: Wed, 5 Oct 2011 15:40:08 +0000 (+0000) Subject: - add note here in light of CVE-2011-3368 X-Git-Tag: 2.3.15~172 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=31d85243ba13abebc7df77de696c6418c29c3953;p=apache - add note here in light of CVE-2011-3368 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1179272 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_proxy.xml b/docs/manual/mod/mod_proxy.xml index 0254f29561..d694301e4a 100644 --- a/docs/manual/mod/mod_proxy.xml +++ b/docs/manual/mod/mod_proxy.xml @@ -1220,6 +1220,15 @@ expressions

If you require a more flexible reverse-proxy configuration, see the RewriteRule directive with the [P] flag.

+ + + Security Warning +

Take care when constructing the target URL of the rule, considering + the security impact from allowing the client influence over the set of + URLs to which your server will act as a proxy. Ensure that the scheme + and hostname part of the URL is either fixed, or does not allow the + client undue influence.

+
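Review bot: In the added warning paragraph, "does not allow the client undue influence" gives the reader no test to apply, and "the target URL of the rule" is ambiguous because the context sentence just above it points to RewriteRule with the [P] flag. Suggest naming the directive this warning is about and stating concretely what a safe target looks like, for example that the scheme and hostname are written literally in the target and any part substituted from the request is separated from the hostname by a literal slash. The grammar also needs a fix: "the scheme and hostname part of the URL is" should read "the scheme and hostname parts of the URL are". Finally, the commit message cites CVE-2011-3368 but the text added to the manual does not, so a reader of the documentation has no pointer to the advisory behind the warning; consider adding a reference to it in the note.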