On Monday 30 July 2001 21:06, you wrote: > By in front, do you mean they are using a reverse proxy to relay requests > to the IIS server? Definately an interesting approach to security, seems > you should be bale to exploit unicode through it though, maybe I will set > one up here and try it. Yes They have a entrance in the apache httpd.conf like this: # # http://reqweb.bla.com.br/ # Listen 200.xx.xx.x:80 <VirtualHost efactory.bla.com.br:80> ServerAdmin webmasterat_private DocumentRoot /home/www/reqweb ServerName reqweb.bla.com.br ErrorLog logs/reqweb-error_log TransferLog logs/reqweb-access_log Options FollowSymLinks ProxyRemote * http://200.xx.xx.yy:81/ ProxyPass /reqweb http://reqweb.bla.com.br/reqweb ProxyPassReverse /reqweb http://reqweb.bla.com.br/reqweb </VirtualHost> As you can see the 200.xx.xx.yy has a reverse proxy on port 81. Just I am not really confident that something might pass through, you're the only one that responded, have any ideas as of what tests to run? Regards, Mads ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 09:38:40 PDT