Verify how secure apache proxy configuration is
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
JQuantLib |
New
|
Medium
|
Unassigned |
Bug Description
Configuration for jquantlib.com (still considered development at this time) is using proxy configuration in order to provide easy access to continuum and archiva via apache (port 80), instead of Tomcat (port 8080). This is handy for some users who has restricted access to network resources.
Before implementing in jquantlib.org (considered production environment), we need to test how secure proxy configuration is.
Reportedly, spammers can use proxy enabled apache servers to send spam and/or post content to other web servers. Basically, the technique consists of performing a CONNECT to external mailservers or GET/POST to external web servers.
This task consists of researching how safe the current configuration is and, if safe, replicate it to jquantlib.org.
=======
Additional Information
=======
http://
Continuum is abandoned.
Now we have Hudson running at http:// www.jquantlib. org:8080/ hudson
The same question persists: Some users do not have permission to access ports other than 80 (HTTP).