httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cove...@apache.org
Subject svn commit: r1704683 - /httpd/httpd/trunk/docs/manual/mod/mod_remoteip.xml
Date Tue, 22 Sep 2015 18:11:39 GMT
Author: covener
Date: Tue Sep 22 18:11:35 2015
New Revision: 1704683

URL: http://svn.apache.org/viewvc?rev=1704683&view=rev
Log:
add warnings and emphasize the defaults for trusted non-internal proxies)


Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_remoteip.xml

Modified: httpd/httpd/trunk/docs/manual/mod/mod_remoteip.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_remoteip.xml?rev=1704683&r1=1704682&r2=1704683&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_remoteip.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_remoteip.xml Tue Sep 22 18:11:35 2015
@@ -113,9 +113,12 @@ via the request headers.
     <var>header-field</var> header as the useragent IP address, or list
     of intermediate useragent IP addresses, subject to further configuration
     of the <directive module="mod_remoteip">RemoteIPInternalProxy</directive>
and
-    <directive module="mod_remoteip">RemoteIPTrustedProxy</directive> directives.
 Unless these
-    other directives are used, <module>mod_remoteip</module> will trust all
-    hosts presenting a <directive module="mod_remoteip">RemoteIPHeader</directive>
IP value.</p>
+    <directive module="mod_remoteip">RemoteIPTrustedProxy</directive> directives.</p>
+
+    <note type="warning"> Unless these other directives are used, <module>mod_remoteip</module>

+    will trust all hosts presenting a non internal address in the 
+    <directive module="mod_remoteip">RemoteIPHeader</directive> header value.
+    </note>
 
     <example><title>Internal (Load Balancer) Example</title>
     <highlight language="config">
@@ -213,20 +216,26 @@ RemoteIPProxiesHeader X-Forwarded-By
 
 <directivesynopsis>
 <name>RemoteIPTrustedProxy</name>
-<description>Declare client intranet IP addresses trusted to present the RemoteIPHeader
value</description>
+<description>Restrict client IP addresses trusted to present the RemoteIPHeader value</description>
 <syntax>RemoteIPTrustedProxy <var>proxy-ip</var>|<var>proxy-ip/subnet</var>|<var>hostname</var>
...</syntax>
 <contextlist><context>server config</context><context>virtual host</context></contextlist>
 
 <usage>
-    <p>The <directive module="mod_remoteip">RemoteIPTrustedProxy</directive>
directive adds one
-    or more addresses (or address blocks) to trust as presenting a valid
-    RemoteIPHeader value of the useragent IP.  Unlike the
-    <directive module="mod_remoteip">RemoteIPInternalProxy</directive> directive,
any intranet
+    <p>The <directive module="mod_remoteip">RemoteIPTrustedProxy</directive>

+    directive restricts which peer IP addresses (or address blocks) will be
+    trusted to present  a valid RemoteIPHeader value of the useragent IP.</p>
+  
+    <p> Unlike the <directive module="mod_remoteip">RemoteIPInternalProxy</directive>
directive, any intranet
     or private IP address reported by such proxies, including the 10/8, 172.16/12,
     192.168/16, 169.254/16 and 127/8 blocks (or outside of the IPv6 public
     2000::/3 block) are not trusted as the useragent IP, and are left in the
     <directive module="mod_remoteip">RemoteIPHeader</directive> header's value.</p>
 
+    <note type="warning">By default, <module>mod_remoteip</module> will
trust 
+    all hosts presenting a non internal address in the 
+    <directive module="mod_remoteip">RemoteIPHeader</directive> header value.
+    </note>
+
     <example><title>Trusted (Load Balancer) Example</title>
         <highlight language="config">
 RemoteIPHeader X-Forwarded-For
@@ -239,7 +248,7 @@ RemoteIPTrustedProxy proxy.example.com
 
 <directivesynopsis>
 <name>RemoteIPTrustedProxyList</name>
-<description>Declare client intranet IP addresses trusted to present the RemoteIPHeader
value</description>
+<description>Restrict client IP addresses trusted to present the RemoteIPHeader value</description>
 <syntax>RemoteIPTrustedProxyList <var>filename</var></syntax>
 <contextlist><context>server config</context><context>virtual host</context></contextlist>
 



Mime
View raw message