|author||Russell King <email@example.com>||2021-09-26 13:23:24 +0100|
|committer||Russell King <firstname.lastname@example.org>||2021-09-26 13:23:40 +0100|
Update the readme file to add a section on security (or lack of!) and known bugs. Signed-off-by: Russell King <email@example.com>
1 files changed, 13 insertions, 0 deletions
@@ -19,3 +19,16 @@ internet proxy httpd server application
The reverse proxy is responsible for controlling public access to the
event streams served by the mini-httpd event server; the event server
itself should not be publically accessible.
+Virtually none inherent to the server; if you can connect to the server
+you can read and write the vent stream. However, the server does detect
+a connection forwarded through Apache (via the X-Forwarded* headers)
+and denies the UPDATE command.
+Does not treat request header fields case-insensitively
+Does not honour the Expect: 100-continue header
+Probably many more.