httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 54651] mod_remoteip ends up trusting IPs that it doesn't check
Date Mon, 06 Jan 2014 16:30:50 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=54651

--- Comment #2 from Mike Rumph <mike.rumph@oracle.com> ---
Created attachment 31174
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=31174&action=edit
Patch to use correct IP address for trusted proxy comparison.

Worked the patch in the bug description as an attachment.
This patch is an essential fix for mod_remoteip to function properly.
This fix should be receiving some attention.

Without this fix the remoteip_modify_request() function in mod_remoteip.c will
not be using the correct IP address for comparison against the trusted proxy
list when the RemoteIPHeader header value is a list.
The first pass of the while will work correctly,
but the subsequent passes will not.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message