Apache Flaw Allows Internal Network Access 99
angry tapir writes "A yet-to-be-patched flaw discovered in the Apache HTTP server allows attackers to access protected resources on the internal network if some rewrite rules are not defined properly. The vulnerability affects Apache installations that operate in reverse proxy mode, a type of configuration used for load balancing, caching and other operations that involve the distribution of resources over multiple servers."
Use nginx? (Score:5, Interesting)
Why would anyone use Apache as a reverse proxy anyway?
I mean, there's nginx, and it runs circles around Apache as far as I know.
Re:Garbage in, (Score:5, Interesting)
Garbage out. What else is new?
GI/GO is bullshit, you should never output garbage no matter how fucked up the input is. If you can't process it normally, you kick out an error condition of some sort you don't just throw up your hands and say "Oh well, the user entered the wrong password so we'll just have to give him access to everything".
Re:Wait a minute... (Score:5, Interesting)
The Apache vulnerability isn't part of normal config, let alone the default one. Non story.