httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject svn commit: r1791238 [1/9] - in /httpd/httpd/trunk/docs/manual: ./ mod/
Date Thu, 13 Apr 2017 12:27:57 GMT
Author: jim
Date: Thu Apr 13 12:27:56 2017
New Revision: 1791238

URL: http://svn.apache.org/viewvc?rev=1791238&view=rev
Log:
xforms

Modified:
    httpd/httpd/trunk/docs/manual/expr.html.en
    httpd/httpd/trunk/docs/manual/mod/directives.html.de
    httpd/httpd/trunk/docs/manual/mod/directives.html.en
    httpd/httpd/trunk/docs/manual/mod/directives.html.es
    httpd/httpd/trunk/docs/manual/mod/directives.html.ja.utf8
    httpd/httpd/trunk/docs/manual/mod/directives.html.ko.euc-kr
    httpd/httpd/trunk/docs/manual/mod/directives.html.tr.utf8
    httpd/httpd/trunk/docs/manual/mod/directives.html.zh-cn.utf8
    httpd/httpd/trunk/docs/manual/mod/mod_brotli.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_remoteip.html.en
    httpd/httpd/trunk/docs/manual/mod/quickreference.html.de
    httpd/httpd/trunk/docs/manual/mod/quickreference.html.en
    httpd/httpd/trunk/docs/manual/mod/quickreference.html.es
    httpd/httpd/trunk/docs/manual/mod/quickreference.html.fr
    httpd/httpd/trunk/docs/manual/mod/quickreference.html.ja.utf8
    httpd/httpd/trunk/docs/manual/mod/quickreference.html.ko.euc-kr
    httpd/httpd/trunk/docs/manual/mod/quickreference.html.tr.utf8
    httpd/httpd/trunk/docs/manual/mod/quickreference.html.zh-cn.utf8

Modified: httpd/httpd/trunk/docs/manual/expr.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/expr.html.en?rev=1791238&r1=1791237&r2=1791238&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/expr.html.en (original)
+++ httpd/httpd/trunk/docs/manual/expr.html.en Thu Apr 13 12:27:56 2017
@@ -197,7 +197,7 @@ listfunction ::= listfuncname "<strong>(
 <tr class="odd"><td><code>REMOTE_ADDR</code></td>
         <td>The IP address of the remote host</td></tr>
 <tr><td><code>REMOTE_PORT</code></td>
-        <td>The port of the remote host</td></tr>
+        <td>The port of the remote host (2.4.26 and later)</td></tr>
 <tr class="odd"><td><code>REMOTE_HOST</code></td>
         <td>The host name of the remote host</td></tr>
 <tr><td><code>REMOTE_USER</code></td>

Modified: httpd/httpd/trunk/docs/manual/mod/directives.html.de
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/directives.html.de?rev=1791238&r1=1791237&r2=1791238&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/directives.html.de (original)
+++ httpd/httpd/trunk/docs/manual/mod/directives.html.de Thu Apr 13 12:27:56 2017
@@ -560,6 +560,7 @@
 <li><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList</a></li>
 <li><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader</a></li>
 <li><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol</a></li>
+<li><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions</a></li>
 <li><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy</a></li>
 <li><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></li>
 <li><a href="mod_mime.html#removecharset">RemoveCharset</a></li>

Modified: httpd/httpd/trunk/docs/manual/mod/directives.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/directives.html.en?rev=1791238&r1=1791237&r2=1791238&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/directives.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/directives.html.en Thu Apr 13 12:27:56 2017
@@ -561,6 +561,7 @@
 <li><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList</a></li>
 <li><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader</a></li>
 <li><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol</a></li>
+<li><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions</a></li>
 <li><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy</a></li>
 <li><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></li>
 <li><a href="mod_mime.html#removecharset">RemoveCharset</a></li>

Modified: httpd/httpd/trunk/docs/manual/mod/directives.html.es
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/directives.html.es?rev=1791238&r1=1791237&r2=1791238&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/directives.html.es (original)
+++ httpd/httpd/trunk/docs/manual/mod/directives.html.es Thu Apr 13 12:27:56 2017
@@ -563,6 +563,7 @@
 <li><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList</a></li>
 <li><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader</a></li>
 <li><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol</a></li>
+<li><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions</a></li>
 <li><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy</a></li>
 <li><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></li>
 <li><a href="mod_mime.html#removecharset">RemoveCharset</a></li>

Modified: httpd/httpd/trunk/docs/manual/mod/directives.html.ja.utf8
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/directives.html.ja.utf8?rev=1791238&r1=1791237&r2=1791238&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/directives.html.ja.utf8 [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/mod/directives.html.ja.utf8 [utf-8] Thu Apr 13 12:27:56
2017
@@ -558,6 +558,7 @@
 <li><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList</a></li>
 <li><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader</a></li>
 <li><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol</a></li>
+<li><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions</a></li>
 <li><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy</a></li>
 <li><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></li>
 <li><a href="mod_mime.html#removecharset">RemoveCharset</a></li>

Modified: httpd/httpd/trunk/docs/manual/mod/directives.html.ko.euc-kr
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/directives.html.ko.euc-kr?rev=1791238&r1=1791237&r2=1791238&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/directives.html.ko.euc-kr [euc-kr] (original)
+++ httpd/httpd/trunk/docs/manual/mod/directives.html.ko.euc-kr [euc-kr] Thu Apr 13 12:27:56
2017
@@ -558,6 +558,7 @@
 <li><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList</a></li>
 <li><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader</a></li>
 <li><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol</a></li>
+<li><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions</a></li>
 <li><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy</a></li>
 <li><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></li>
 <li><a href="mod_mime.html#removecharset">RemoveCharset</a></li>

Modified: httpd/httpd/trunk/docs/manual/mod/directives.html.tr.utf8
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/directives.html.tr.utf8?rev=1791238&r1=1791237&r2=1791238&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/directives.html.tr.utf8 [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/mod/directives.html.tr.utf8 [utf-8] Thu Apr 13 12:27:56
2017
@@ -557,6 +557,7 @@
 <li><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList</a></li>
 <li><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader</a></li>
 <li><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol</a></li>
+<li><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions</a></li>
 <li><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy</a></li>
 <li><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></li>
 <li><a href="mod_mime.html#removecharset">RemoveCharset</a></li>

Modified: httpd/httpd/trunk/docs/manual/mod/directives.html.zh-cn.utf8
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/directives.html.zh-cn.utf8?rev=1791238&r1=1791237&r2=1791238&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/directives.html.zh-cn.utf8 (original)
+++ httpd/httpd/trunk/docs/manual/mod/directives.html.zh-cn.utf8 Thu Apr 13 12:27:56 2017
@@ -556,6 +556,7 @@
 <li><a href="mod_remoteip.html#remoteipinternalproxylist">RemoteIPInternalProxyList</a></li>
 <li><a href="mod_remoteip.html#remoteipproxiesheader">RemoteIPProxiesHeader</a></li>
 <li><a href="mod_remoteip.html#remoteipproxyprotocol">RemoteIPProxyProtocol</a></li>
+<li><a href="mod_remoteip.html#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions</a></li>
 <li><a href="mod_remoteip.html#remoteiptrustedproxy">RemoteIPTrustedProxy</a></li>
 <li><a href="mod_remoteip.html#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></li>
 <li><a href="mod_mime.html#removecharset">RemoveCharset</a></li>

Modified: httpd/httpd/trunk/docs/manual/mod/mod_brotli.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_brotli.html.en?rev=1791238&r1=1791237&r2=1791238&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_brotli.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_brotli.html.en Thu Apr 13 12:27:56 2017
@@ -32,13 +32,15 @@
 client</td></tr>
 <tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>brotli_module</td></tr>
-<tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_brotli.c</td></tr></table>
+<tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_brotli.c</td></tr>
+<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available
in version 2.4.26 and later.</td></tr></table>
 <h3>Summary</h3>
 
     <p>The <code class="module"><a href="../mod/mod_brotli.html">mod_brotli</a></code>
module provides
     the <code>BROTLI_COMPRESS</code> output filter that allows output from
     your server to be compressed using the brotli compression format before being sent to
the client over
-    the network.</p>
+    the network. This module uses the Brotli library found at
+    <a href="https://github.com/google/brotli">https://github.com/google/brotli</a>.</p>
 </div>
 <div id="quickview"><h3>Topics</h3>
 <ul id="topics">
@@ -64,7 +66,7 @@ content</a></li>
 <h2><a name="recommended" id="recommended">Sample Configurations</a></h2>
     <div class="warning"><h3>Compression and TLS</h3>
         <p>Some web applications are vulnerable to an information disclosure
-        attack when a TLS connection carries deflate compressed data. For more
+        attack when a TLS connection carries compressed data. For more
         information, review the details of the "BREACH" family of attacks.</p>
     </div>
     <p>This is a simple configuration that compresses common text-based content types.</p>
@@ -77,7 +79,7 @@ content</a></li>
 <h2><a name="enable" id="enable">Enabling Compression</a></h2>
     <div class="warning"><h3>Compression and TLS</h3>
         <p>Some web applications are vulnerable to an information disclosure
-        attack when a TLS connection carries deflate compressed data. For more
+        attack when a TLS connection carries compressed data. For more
         information, review the details of the "BREACH" family of attacks.</p>
     </div>
 
@@ -108,37 +110,12 @@ SetEnvIfNoCase Request_URI \.(?:gif|jpe?
       <div class="note"><h3>Note</h3>
         There is an environment variable <code>no-brotli</code>,
         set via <code class="directive"><a href="../mod/mod_env.html#setenv">SetEnv</a></code>,
which
-        will ignore the accept-encoding setting of your browser and will
-        send compressed output.
+        will disable brotli compression for a particular request, even if
+        it is supported by the client.
       </div>
 
     
 
-    <h3><a name="input" id="input">Input Decompression</a></h3>
-      <p>The <code class="module"><a href="../mod/mod_brotli.html">mod_brotli</a></code>
module also provides a filter for
-      decompressing a brotli compressed request body . In order to activate
-      this feature you have to insert the <code>BROTLI_COMPRESS</code> filter
into
-      the input filter chain using <code class="directive"><a href="../mod/core.html#setinputfilter">SetInputFilter</a></code>
or <code class="directive"><a href="../mod/mod_mime.html#addinputfilter">AddInputFilter</a></code>,
for example:</p>
-
-      <pre class="prettyprint lang-config">&lt;Location "/dav-area"&gt;
-    SetInputFilter BROTLI_COMPRESS
-&lt;/Location&gt;</pre>
-
-
-      <p>Now if a request contains a <code>Content-Encoding:
-      brotli</code> header, the body will be automatically decompressed.
-      Few browsers have the ability to brotli request bodies. However,
-      some special applications actually do support request
-      compression, for instance some <a href="http://www.webdav.org">WebDAV</a>
clients.</p>
-
-      <div class="warning"><h3>Note on Content-Length</h3>
-        <p>If you evaluate the request body yourself, <em>don't trust
-        the <code>Content-Length</code> header!</em>
-        The Content-Length header reflects the length of the
-        incoming data from the client and <em>not</em> the byte count of
-        the decompressed data stream.</p>
-      </div>
-    
 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
 <div class="section">
 <h2><a name="proxies" id="proxies">Dealing with proxy servers</a></h2>
@@ -154,7 +131,7 @@ SetEnvIfNoCase Request_URI \.(?:gif|jpe?
     on, for example, the <code>User-Agent</code> header, you must
     manually configure an addition to the <code>Vary</code> header
     to alert proxies of the additional restrictions.  For example,
-    in a typical configuration where the addition of the <code>DEFLATE</code>
+    in a typical configuration where the addition of the <code>BROTLI_COMPRESS</code>
     filter depends on the <code>User-Agent</code>, you should add:</p>
 
     <pre class="prettyprint lang-config">Header append Vary User-Agent</pre>
@@ -181,25 +158,25 @@ content</a></h2>
     <pre class="prettyprint lang-config">&lt;IfModule mod_headers.c&gt;
     # Serve brotli compressed CSS files if they exist
     # and the client accepts brotli.
-    RewriteCond "%{HTTP:Accept-encoding}" "brotli"
+    RewriteCond "%{HTTP:Accept-encoding}" "br"
     RewriteCond "%{REQUEST_FILENAME}\.br" "-s"
     RewriteRule "^(.*)\.css"              "$1\.css\.br" [QSA]
 
     # Serve brotli compressed JS files if they exist
     # and the client accepts brotli.
-    RewriteCond "%{HTTP:Accept-encoding}" "brotli"
+    RewriteCond "%{HTTP:Accept-encoding}" "br"
     RewriteCond "%{REQUEST_FILENAME}\.br" "-s"
     RewriteRule "^(.*)\.js"               "$1\.js\.br" [QSA]
 
 
-    # Serve correct content types, and prevent mod_brotli double brotli.
-    RewriteRule "\.css\.gz$" "-" [T=text/css,E=no-brotli:1]
-    RewriteRule "\.js\.gz$"  "-" [T=text/javascript,E=no-brotli:1]
+    # Serve correct content types, and prevent double compression.
+    RewriteRule "\.css\.br$" "-" [T=text/css,E=no-brotli:1]
+    RewriteRule "\.js\.br$"  "-" [T=text/javascript,E=no-brotli:1]
 
 
-    &lt;FilesMatch "(\.js\.gz|\.css\.gz)$"&gt;
+    &lt;FilesMatch "(\.js\.br|\.css\.br)$"&gt;
       # Serve correct encoding type.
-      Header append Content-Encoding brotli
+      Header append Content-Encoding br
 
       # Force proxies to cache brotli &amp;
       # non-brotli css/js files separately.
@@ -225,12 +202,14 @@ content</a></h2>
     <dt>AddSuffix</dt>
     <dd><p>Append the compression method onto the end of the ETag, causing
         compressed and uncompressed representations to have unique ETags.
-        This has been the default since 2.4.0, but prevents serving
-        "HTTP Not Modified" (304) responses to conditional requests for
-        compressed content.</p></dd>
+        In another dynamic compression module, mod_deflate, this has been
+        the default since 2.4.0. This setting prevents serving "HTTP Not
+        Modified" (304) responses to conditional requests for compressed
+        content.</p></dd>
     <dt>NoChange</dt>
-    <dd><p>Don't change the ETag on a compressed response. This was the default
-        prior to 2.4.0, but does not satisfy the HTTP/1.1 property that all
+    <dd><p>Don't change the ETag on a compressed response. In another dynamic
+        compression module, mod_deflate, this has been the default prior to
+        2.4.0. This setting does not satisfy the HTTP/1.1 property that all
         representations of the same resource have unique ETags. </p></dd>
     <dt>Remove</dt>
     <dd><p>Remove the ETag header from compressed responses. This prevents
@@ -244,7 +223,7 @@ content</a></h2>
 <table class="directive">
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maximum
input block size</td></tr>
 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>BrotliCompressionMaxInputBlock
<var>value</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>BrotliCompressionMaxInputBlock
0</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>(automatic)</code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config, virtual host</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_brotli</td></tr>
@@ -265,9 +244,8 @@ content</a></h2>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_brotli</td></tr>
 </table>
     <p>The <code class="directive">BrotliCompressionQuality</code> directive
specifies
-    the compression quality performed (a value between 0 and 11). Higher
-    quality values result in better compression but also slower compression
-    as well.
+    the compression quality (a value between 0 and 11). Higher quality values
+    result in better, but also slower compression.
   </p>
 
 </div>
@@ -282,9 +260,8 @@ content</a></h2>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_brotli</td></tr>
 </table>
     <p>The <code class="directive">BrotliCompressionWindow</code> directive
specifies the
-    brotli sliding compression window size (a value between 10 and 24). Generally, the
-    higher the window size, the higher can the compression ratio be expected
-    but requires more memory.</p>
+    brotli sliding compression window size (a value between 10 and 24). Larger
+    window sizes can improve compression quality, but require more memory.</p>
 
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>

Modified: httpd/httpd/trunk/docs/manual/mod/mod_remoteip.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_remoteip.html.en?rev=1791238&r1=1791237&r2=1791238&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_remoteip.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_remoteip.html.en Thu Apr 13 12:27:56 2017
@@ -76,6 +76,7 @@ via the request headers.
 <li><img alt="" src="../images/down.gif" /> <a href="#remoteipinternalproxylist">RemoteIPInternalProxyList</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#remoteipproxiesheader">RemoteIPProxiesHeader</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#remoteipproxyprotocol">RemoteIPProxyProtocol</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#remoteiptrustedproxy">RemoteIPTrustedProxy</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></li>
 </ul>
@@ -229,19 +230,19 @@ RemoteIPProxiesHeader X-Forwarded-By</pr
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
 <div class="directive-section"><h2><a name="RemoteIPProxyProtocol" id="RemoteIPProxyProtocol">RemoteIPProxyProtocol</a>
<a name="remoteipproxyprotocol" id="remoteipproxyprotocol">Directive</a></h2>
 <table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable,
optionally enable or disable the PROXY protocol handling</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>RemoteIPProxyProtocol
On|Optional|Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable
or disable PROXY protocol handling</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>RemoteIPProxyProtocol
On|Off</code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config, virtual host</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_remoteip</td></tr>
 <tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>RemoteIPProxyProtocol
is only available in httpd 2.4.26 and newer</td></tr>
 </table>
-    <p>The <code class="directive">RemoteIPProxyProtocol</code> enables
or 
+    <p>The <code class="directive">RemoteIPProxyProtocol</code> directive
enables or 
     disables the reading and handling of the PROXY protocol connection header.
     If enabled with the <code>On</code> flag, the upstream client <em>must</em>
     send the header every time it opens a connection or the connection will
-    be aborted. If enabled with the <code>Optional</code> flag, the upstream
-    client <em>may</em> send the header.</p>
+    be aborted unless it is in the list of disabled hosts provided by <code class="directive"><a
href="#remoteipproxyprotocolexceptions">RemoteIPProxyProtocolExceptions</a></code>
+    directive.</p>
 
     <p>While this directive may be specified in any virtual host, it is
     important to understand that because the PROXY protocol is connection
@@ -253,44 +254,50 @@ RemoteIPProxiesHeader X-Forwarded-By</pr
     in the other, that won't work; in such a case the last one wins and a
     notice will be logged indicating which setting was being overridden.</p>
 
-    <div class="note">When multiple virtual hosts on the same IP and port are
-    configured with a combination of <code>On</code> and <code>Optional</code>
-    flags, connections will not be aborted if the header is not sent.
-    Instead, enforcement will happen after the request is read so virtual
-    hosts configured with <code>On</code> will return a 400 Bad Request.
-    Virtual hosts configured with <code>Optional</code> will continue as
-    usual but without replacing the client IP information</div>
-    
     <pre class="prettyprint lang-config">Listen 80
 &lt;VirtualHost *:80&gt;
     ServerName www.example.com
-    RemoteIPProxyProtocol Optional
-
-    #Requests to this virtual host may optionally not have
-    # a PROXY protocol header provided
-&lt;/VirtualHost&gt;
-
-&lt;VirtualHost *:80&gt;
-    ServerName www.example.com
     RemoteIPProxyProtocol On
 
     #Requests to this virtual host must have a PROXY protocol
-    # header provided. If it is missing, a 400 will result
+    # header provided. If it is missing, the connection will
+    # be aborted
 &lt;/VirtualHost&gt;
 
 Listen 8080
 &lt;VirtualHost *:8080&gt;
     ServerName www.example.com
     RemoteIPProxyProtocol On
+    RemoteIPProxyProtocolExceptions 127.0.0.1 10.0.0.0/8
 
     #Requests to this virtual host must have a PROXY protocol
     # header provided. If it is missing, the connection will
-    # be aborted
+    # be aborted except when coming from localhost or the
+    # 10.x.x.x RFC1918 range
 &lt;/VirtualHost&gt;</pre>
 
 
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="directive-section"><h2><a name="RemoteIPProxyProtocolExceptions"
id="RemoteIPProxyProtocolExceptions">RemoteIPProxyProtocolExceptions</a> <a name="remoteipproxyprotocolexceptions"
id="remoteipproxyprotocolexceptions">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Disable
processing of PROXY header for certain hosts or networks</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>RemoteIPProxyProtocolExceptions
host|range [host|range] [host|range]</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_remoteip</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>RemoteIPProxyProtocolExceptions
is only available in httpd 2.4.26 and newer</td></tr>
+</table>
+    <p>The <code class="directive">RemoteIPProxyProtocol</code> directive
enables or
+    disables the reading and handling of the PROXY protocol connection header.
+    Sometimes it is desirable to require clients to provide the PROXY header, but
+    permit other clients to connect without it. This directive allows a server 
+    administrator to configure a single host or CIDR range of hosts that may do
+    so. This is generally useful for monitoring and administrative traffic to a 
+    virtual host direct to the server behind the upstream load balancer.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
 <div class="directive-section"><h2><a name="RemoteIPTrustedProxy" id="RemoteIPTrustedProxy">RemoteIPTrustedProxy</a>
<a name="remoteiptrustedproxy" id="remoteiptrustedproxy">Directive</a></h2>
 <table class="directive">
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Restrict
client IP addresses trusted to present the RemoteIPHeader value</td></tr>



Mime
View raw message