[Mongrel] Security

Sebastian Hennebrueder usenet at laliluna.de
Thu Nov 27 17:20:31 EST 2008


Hello,

I just setup my first mongrel server behind a apache proxy. I recognized 
that a lot of explanation in the wiki and on other external pages 
configure mod_proxy to connect to a localhost but simple do not 
configure mongrel to listen only on localhost as well. This leads easily 
to security issues for unexperienced administrators.
sample doc: http://mongrel.rubyforge.org/wiki/Apache

My proposal is that for the mod_proxy examples the listening IP is 
always added. This might encourage to use a local port as default 
configuration.

Best Regards

Sebastian Hennebrueder
http://www.laliluna.de



More information about the Mongrel-users mailing list