11 Mar
2001
11 Mar
'01
12:22 p.m.
On Sunday 11 March 2001 04:25, Oleg Broytmann wrote:
Hello!
Our system/network admins scanned our local network and found on my computer strange proxy :)
telnet localhost 8080
Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET http://www.zope.org/ HTTP/1.0 Host: localhost
Then Zope returned root page of localhost, not www.zope.org, so it is not security hole, but anyway I think ZServer should not accept server name in he request. Instead an error (perhaps HTTP error 400) should be returned. Should I report this to Collector?
probably as a feature request to z2.py for a check host option, else you'll be hosing those doing virtual hosting. kapil