[Mongrel] Security

Sebastian Hennebrueder usenet at laliluna.de
Thu Nov 27 17:26:34 EST 2008


I just setup my first mongrel server behind a apache proxy. I recognized
that a lot of explanation in the wiki and on other external pages
configure mod_proxy to connect to a localhost but simple do not
configure mongrel to listen only on localhost as well. This leads easily
to security issues for unexperienced administrators.
sample doc: http://mongrel.rubyforge.org/wiki/Apache

My proposal is that for the mod_proxy examples the listening IP is
always added. This might encourage to use a local port as default

Best Regards

Sebastian Hennebrueder

More information about the Mongrel-users mailing list