— a blog about web development and whatnot by Steve Webster

  1. Use mod_rewrite’s proxy flag with caution

    Using mod_rewrite, it’s possible to proxy requests onto other servers by adding the P flag to your RewriteRules. This is a common technique to have Apache acting as the public-facing server for a number of disparate services. However, unless you’re careful with how you craft your rewrite rules, it’s possible for an attacker to gain access to your internal network or use your server to anonymously attack another.