[Mongrel] Security

Sebastian Hennebrueder usenet at laliluna.de
Thu Nov 27 17:20:31 EST 2008


I just setup my first mongrel server behind a apache proxy. I recognized 
that a lot of explanation in the wiki and on other external pages 
configure mod_proxy to connect to a localhost but simple do not 
configure mongrel to listen only on localhost as well. This leads easily 
to security issues for unexperienced administrators.
sample doc: http://mongrel.rubyforge.org/wiki/Apache

My proposal is that for the mod_proxy examples the listening IP is 
always added. This might encourage to use a local port as default 

Best Regards

Sebastian Hennebrueder

More information about the Mongrel-users mailing list