Date: Sat, 1 Oct 1994 13:59:17 +0100
Message-Id: <199410011258.NAA13021@gammix.tunix.kun.nl>
From: "Jeroen Vanheste" <jeroen@tunix.kun.nl>
To: Multiple recipients of list <www-proxy@www0.cern.ch>
Subject: Proxy configuration - security questions
I have some questions about security aspects of the proxy configuration
of the CERN WWW-server:
-I am able to associate an Protect template with certain URL's, for instance:
Protection PROTNAME {
GetMask ...
}
Protect http:* PROTNAME
The GetMask defines the hosts that the server will proxy for. However,
I want to be able to limit the *destination* hosts: for instance, I do
not want proxy operation when the *destination* is X, Y, or Z. Am I right
that the CERN server cannot be configured in this way?
If so, I consider this to be a major shortcoming.
-I suspect that the "UserId" directive is ignored in the Protection template
for proxied URL's. Eg
Protection PROTNAME {
GetMask ...
UserId xyz
}
Protect http:* PROTNAME
does not seem to work (ie the proxied operation is run as root, not as xyz.
Am I right in this.
_____________________________________________________________________
Jeroen Vanheste Tel: +31 80 528819 jeroen@tunix.kun.nl
TUNIX Open System Consultants
P.O. Box 31070 6503 CB Nijmegen The Netherlands
______________________________________________________________________