Forgot your password?
typodupeerror
Bug Networking Security Apache

Apache Flaw Allows Internal Network Access 99

Posted by samzenpus
from the protect-ya-neck dept.
angry tapir writes "A yet-to-be-patched flaw discovered in the Apache HTTP server allows attackers to access protected resources on the internal network if some rewrite rules are not defined properly. The vulnerability affects Apache installations that operate in reverse proxy mode, a type of configuration used for load balancing, caching and other operations that involve the distribution of resources over multiple servers."
This discussion has been archived. No new comments can be posted.

Apache Flaw Allows Internal Network Access

Comments Filter:
  • Use nginx? (Score:5, Interesting)

    by mhh91 (1784516) on Monday November 28, 2011 @06:23AM (#38188388)

    Why would anyone use Apache as a reverse proxy anyway?

    I mean, there's nginx, and it runs circles around Apache as far as I know.

  • Re:Garbage in, (Score:5, Interesting)

    by Anonymous Coward on Monday November 28, 2011 @07:05AM (#38188600)

    Garbage out. What else is new?

    GI/GO is bullshit, you should never output garbage no matter how fucked up the input is. If you can't process it normally, you kick out an error condition of some sort you don't just throw up your hands and say "Oh well, the user entered the wrong password so we'll just have to give him access to everything".

  • Re:Wait a minute... (Score:5, Interesting)

    by Tomato42 (2416694) on Monday November 28, 2011 @08:08AM (#38188944)
    It would be like patching rm against usage of -rf. Just because you can cut your finger with a knife doesn't mean that the knife is a badly made tool, it just means you failed as a knife user.

    The Apache vulnerability isn't part of normal config, let alone the default one. Non story.

In any formula, constants (especially those obtained from handbooks) are to be treated as variables.

Working...