Re: LAS proxy security issue


Here is a little more follow-up on the proxy security issue and a personal warning to heed this advice.

Steve Cousins reported the email abuse due to "ProxyRequests On" back in April and requested advice on solving it:
I did not investigate the issue at that time and his question was never answered. I should have taken this security-related question more seriously and at least checked our own httpd.conf files to see if our servers were open to the same abuse. If I had, I could have saved our group from the embarrassment caused by this email abuse.

So I am hereby asking each of you to learn from my example and check your httpd.conf files. Make sure that forward proxying on your systems is turned off unless it is needed for other projects. If it is enabled, it should be carefully restricted to in-house IP addresses.

Wishing you all a safe and secure October,

-- Jon
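
One way to run the httpd.conf check asked for above, as an added example that is not part of the original message or of LAS: it reports whether forward proxying is off, enabled but limited to listed addresses, or open. The function name and sample configurations are constructed for illustration, and it assumes a single flat file (it does not follow Include lines or scope settings per VirtualHost).

```python
import re

# Constructed sample configurations (not from the original message).
OPEN_PROXY = """\
# ProxyRequests Off
ProxyRequests On
<Proxy "*">
    Require all granted
</Proxy>
"""
RESTRICTED = """\
ProxyRequests On
<Proxy "*">
    Require ip 192.0.2.0/24
</Proxy>
"""

# Access rules inside <Proxy>: Apache 2.4 "Require" and 2.2-style "Allow from".
ALLOW_ALL = re.compile(r"(require\s+all\s+granted|allow\s+from\s+all)\b")
LIMITED = re.compile(r"(require\s+(ip|host|local)|allow\s+from)\b")

def audit_forward_proxy(conf_text):
    """Classify one httpd.conf text as 'off', 'restricted' or 'open'."""
    enabled = in_proxy = allows_all = has_limit = False
    for raw in conf_text.splitlines():
        line = raw.strip().lower()          # directive names are case-insensitive
        if not line or line.startswith("#"):
            continue                        # commented-out directives do not count
        m = re.match(r"proxyrequests\s+(on|off)\b", line)
        if m:
            enabled = m.group(1) == "on"    # simplification: last setting in file wins
        elif re.match(r"<proxy[\s>]", line):
            in_proxy = True
        elif line.startswith("</proxy>"):
            in_proxy = False
        elif in_proxy and ALLOW_ALL.match(line):
            allows_all = True
        elif in_proxy and LIMITED.match(line):
            has_limit = True
    if not enabled:
        return "off"                        # ProxyRequests defaults to Off
    # Enabled with no address restriction, or with an allow-all rule, is open.
    return "restricted" if has_limit and not allows_all else "open"

if __name__ == "__main__":
    for name, conf in (("open sample", OPEN_PROXY), ("restricted sample", RESTRICTED)):
        print(name, "->", audit_forward_proxy(conf))
```

A result of "open" means the file needs attention; "restricted" still deserves a manual look to confirm the listed addresses really are in-house.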

