On 07/17/11 1:24 AM, Ljubomir Ljubojevic wrote: > If you check the frequency of Apache (httpd) security bugs on CentOS > 5.x, I think you will see several Denial Of Service bugs, but only one > or two that would allow code execution. And bug reports for Apache are > made to secure mailing list so rest of the world is not aware of them > until they are already fixed. > > So I would not be overly concerned about HTTP tunneling attacks. most successful exploits of 'nix web servers involve poorly implemented user code, such as exploitable PHP, perl cgi, etc, things that allow sql insertion attacks, etc etc. http://xkcd.com/327/ -- john r pierce N 37, W 122 santa cruz ca mid-left coast