httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: Adopting mod_remoteip to modules/metadata/ ?
Date Wed, 01 Apr 2009 15:16:47 GMT
Graham Leggett wrote:

> (Having not yet had a chance to look at the code) How is the possibility 
> of multiple IPs in the same header handled, eg:
> 
> X-Fowarded-For: 10.2.3.4, 10.11.12.13

I think you'll find your question is answered in the README I referenced.
It's handled fine.  The interesting point is that, presuming that the
nearest remote_host and 10.11.12.13 both have 'Internal' trust, meaning
they are know to our network, while 67.151.55.1 and 178.21.1.10 are given
TrustedProxy status, we would still refuse to acknowledge another networks
private subnet.  Therefore;

X-Fowarded-For: 10.2.3.4, 67.151.55.1 178.21.1.10, 10.11.12.13

results in a remote_host 67.151.55.1, and the header value is updated to
reflect that this host still makes an X-Forwarded-For assertion, e.g.
X-Fowarded-For: 10.2.3.4

Will we someday introduce a feature to treat this as a decorated remote
host name of something like "67.151.55.1_10.2.3.4" - I'd suggest we could
but that feature could break any number of thirdparty modules attempting
to resolve this address.

Mime
View raw message