On Wed, Apr 1, 2009 at 12:45 AM, William A. Rowe, Jr. <wrowe@rowe-clan.net> wrote:
I have essentially finished mod_remoteip at this point and am looking
to find out the interest level of adopting this as a core module into
trunk (modules/metadata/ appears to be the most appropriate target)?

+1 :-)

RemoteIPTrustedProxy 192.168.0. localhost/8

I don't think permitting hostname/number is a good idea, because a hostname can map to multiple IPs, and it gets confusing, it's non-standard :-) Right now the code just does a single lookup, and uses that - so where there are multiple A/AAAA records we'll have random behaviour.

I'm not sure that I think hard-coding RFC1918 addresses is a good idea. RFC3330 is more authoratitive for a start, and there's no correspending code for IPv6 (e.g. the documentation prefixes, link-local scope, site-local scope, and so on).

Either way, I think it's inaccurate to assume that there is anything special about RFC1918 space, the user should be forced to configure those ranges. Many networks have differing levels of trust and overlapping usages for that space, and many others use globally-unique IPs in private contexts.
Looks cool though. We might need to add some docs warning peolpe that the address might no longer match the address family of the actual socket.