X_SSL Headers and protecting the intranet
Eu <listaseu(at)yahoo.es>
2004-07-07 22:55:28
Hello, this is the first time that I have written here.
In the first place, I would like to say that I am very thankful to the
author for the work that he has done so well. (Perhaps my English is
somewhat bad :S).
The subject of this mail is that I would like to know if Pound is capable
of the following:
    - If any X_SSL header arrives at Pound from an external source (an
attacker), is it dropped? In other words, is Pound capable of detecting
this type of attack? Or does it pass these headers to the server in the
intranet? Which are the options to enable this action (deny any X_SSL
header and request a certificate)?
    - I would like to know if Pound can request a couple of certificates
(I want to authenticate the machine and the user that is connecting
from it).
    - Finally, I would like to know if Pound adds any header with its IP
to the rest of the headers; I want to control where X_SSL headers come
from to prevent any attack.

Thanks.

Re: X_SSL Headers and protecting the intranet
Robert Segall <roseg(at)apsis.ch>
2004-07-08 13:51:34
On Wednesday 07 July 2004 22.55, Eu wrote:[...]

Reading the documentation would be helpful: HeadRemove, HeadDeny, HTTPSHeaders 
are the directives you are looking for. All these topics have been covered 
extensively in the man page, README, FAQ and this list.[...]
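
The filtering asked about in this thread, sketched as an added example (not part of the original messages and not Pound's own code): drop every client-supplied header in the proxy's certificate namespace, then re-add values from the TLS session the proxy verified itself. The `X-SSL-` prefix, the function names and the sample request are assumptions made for illustration.

```python
import re

# Assumption: the proxy's own certificate headers start with "X-SSL-".
# CGI/WSGI backends map "-" to "_" (X-SSL-Subject and X_SSL_Subject both
# become HTTP_X_SSL_SUBJECT), so the filter must cover both spellings.
SPOOFABLE = re.compile(r"^x[-_]ssl([-_]|$)", re.IGNORECASE)


def sanitize(client_headers, verified_cert=None):
    """Return the header list the proxy should forward to the backend.

    client_headers: list of (name, value) pairs as received from the client.
    verified_cert:  dict of certificate fields taken from the TLS session the
                    proxy itself verified, or None if no client cert was given.
    """
    # 1. Drop every client-supplied header in the reserved namespace.
    forwarded = [(n, v) for n, v in client_headers
                 if not SPOOFABLE.match(n.strip())]
    # 2. Re-add the headers from data the proxy verified itself.
    if verified_cert:
        for field, value in verified_cert.items():
            forwarded.append(("X-SSL-" + field, value))
    return forwarded


def backend_view(headers):
    """CGI-style environment a backend sees (hyphens become underscores)."""
    return {"HTTP_" + n.upper().replace("-", "_"): v for n, v in headers}


# Constructed request: a client without a certificate tries to smuggle one in.
SPOOFED = [
    ("Host", "intranet.example"),
    ("X-SSL-Subject", "/CN=admin"),
    ("x_ssl_subject", "/CN=admin"),
    ("X-SSLish", "unrelated"),
]

if __name__ == "__main__":
    print(backend_view(sanitize(SPOOFED)))
    print(backend_view(sanitize(SPOOFED, {"Subject": "/CN=alice"})))
```

The backend should additionally accept connections only from the proxy's address, since the filter protects nothing if clients can reach the backend directly.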
