httpd-dev mailing list archives

From Colm MacCárthaigh <c...@stdlib.net>
Subject Re: Adopting mod_remoteip to modules/metadata/ ?
Date Fri, 03 Apr 2009 07:34:00 GMT
On Wed, Apr 1, 2009 at 12:45 AM, William A. Rowe, Jr.
<wrowe@rowe-clan.net> wrote:

> I have essentially finished mod_remoteip at this point and am looking
> to find out the interest level of adopting this as a core module into
> trunk (modules/metadata/ appears to be the most appropriate target)?


+1 :-)

RemoteIPTrustedProxy 192.168.0. localhost/8


I don't think permitting hostname/number is a good idea, because a hostname
can map to multiple IPs, and it gets confusing, it's non-standard :-) Right
now the code just does a single lookup, and uses that - so where there are
multiple A/AAAA records we'll have random behaviour.

I'm not sure that I think hard-coding RFC1918 addresses is a good idea.
RFC3330 is more authoritative for a start, and there's no corresponding code
for IPv6 (e.g. the documentation prefixes, link-local scope, site-local
scope, and so on).

Either way, I think it's inaccurate to assume that there is anything special
about RFC1918 space, the user should be forced to configure those ranges.
Many networks have differing levels of trust and overlapping usages for that
space, and many others use globally-unique IPs in private contexts.

Looks cool though. We might need to add some docs warning people that the
address might no longer match the address family of the actual socket.

-- 
Colm
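
Added illustration, not part of the message above and not mod_remoteip code: a Python sketch of the two concerns raised in the reply, namely that a single lookup of a multi-record hostname makes the trust decision depend on which record is kept, and that trusted ranges should be explicit literals per address family rather than implied. The resolver table, the host name and the `pick` parameter are constructed assumptions.

```python
import ipaddress

# Constructed resolver data (not real DNS): one name with several A/AAAA records.
CONSTRUCTED_DNS = {
    "proxy.example.test": ["192.0.2.10", "192.0.2.11", "2001:db8::10"],
}


def parse_trusted(entry):
    """Accept only an IP literal or literal CIDR; reject hostname forms."""
    try:
        return ipaddress.ip_network(entry, strict=False)
    except ValueError:
        raise ValueError(f"not an IP literal or CIDR: {entry!r}") from None


def trusted_single_lookup(name, peer, pick=0):
    """Single-lookup behaviour: resolve once and keep only one record.

    `pick` stands in for whichever record the resolver happens to return first.
    """
    chosen = ipaddress.ip_address(CONSTRUCTED_DNS[name][pick])
    return ipaddress.ip_address(peer) == chosen


def is_trusted(peer, networks):
    """Match a peer against explicitly configured networks of its own family."""
    addr = ipaddress.ip_address(peer)
    return any(addr.version == net.version and addr in net for net in networks)


if __name__ == "__main__":
    # Same peer, same config, different answer depending on record order.
    for pick in range(3):
        print(pick, trusted_single_lookup("proxy.example.test", "192.0.2.11", pick))

    # Explicit literals for each family; nothing is trusted by default.
    nets = [parse_trusted("192.0.2.0/28"), parse_trusted("2001:db8::/64")]
    for peer in ("192.0.2.11", "2001:db8::10", "10.0.0.1"):
        print(peer, is_trusted(peer, nets))

    # A hostname with a prefix length is rejected at parse time.
    try:
        parse_trusted("localhost/8")
    except ValueError as exc:
        print("rejected:", exc)
```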
