On 03/04/2013 03:04 PM, Les Mikesell wrote:
I remember having a problem back in the RH (not RHEL) 5 or 6 era where I was using ProxyPass or rewriterules with [P} and it somehow enabled random proxy requests which I noticed when the logs filled up with requests that were intended to run up to run up some other sites ad counters. It is too far back to remember if that was the default from the install or was related to what I did to enable the specific proxy functions I needed, though.
That would have been in the Apache 1.0 era. If you enabled ProxyRequests and did not limit the Proxy command, you'd have created an open proxy.
Poorly written Rewrite rules have been problematic, even fairly recently: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3368
However, none of this affects the default configuration.