Return-Path: X-Original-To: apmail-httpd-dev-archive@www.apache.org Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D4E447607 for ; Wed, 23 Nov 2011 18:30:11 +0000 (UTC) Received: (qmail 8444 invoked by uid 500); 23 Nov 2011 18:30:10 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 8383 invoked by uid 500); 23 Nov 2011 18:30:10 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 8375 invoked by uid 99); 23 Nov 2011 18:30:10 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Nov 2011 18:30:10 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of minfrin@sharp.fm designates 72.32.122.20 as permitted sender) Received: from [72.32.122.20] (HELO chandler.sharp.fm) (72.32.122.20) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Nov 2011 18:30:03 +0000 Received: from chandler.sharp.fm (localhost [127.0.0.1]) by chandler.sharp.fm (Postfix) with ESMTP id 6DDD7508028 for ; Wed, 23 Nov 2011 12:29:42 -0600 (CST) Received: from [10.0.0.251] (87-194-125-19.bethere.co.uk [87.194.125.19]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (Client did not present a certificate) (Authenticated sender: minfrin@sharp.fm) by chandler.sharp.fm (Postfix) with ESMTP id 1E33950801D for ; Wed, 23 Nov 2011 12:29:41 -0600 (CST) Message-Id: <0F948652-0F13-4B38-8CFC-80CF5B2ECA8A@sharp.fm> From: Graham Leggett To: dev@httpd.apache.org In-Reply-To: <20111123182255.21ffaf37@baldur> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v936) Subject: Re: client_ip vs remote_ip Date: Wed, 23 Nov 2011 20:29:40 +0200 References: <20111122150803.153fa012@baldur> <201111222217.51060.sf@sfritsch.de> <20111122214508.7dbf043e@baldur> <44C53D01-D6A7-4BFD-B12F-749097B0E781@webthing.com> <4ECD33C9.3070501@rowe-clan.net> <20111123182255.21ffaf37@baldur> X-Mailer: Apple Mail (2.936) X-Virus-Scanned: ClamAV using ClamSMTP On 23 Nov 2011, at 8:22 PM, Nick Kew wrote: >> This has the additional advantage of *breaking* existing c->remote_ip >> references and forcing the module author to choose which they mean >> for >> their purposes (most would refer to the authenticated address). This makes more sense to me, +1. > An interesting take on it! > > But use of remote_ip and remote_addr goes further than that. > Changing their semantics in CGI (and its imitators from PHP to > mod_rewrite) would *silently* break apps, so a firm -1 to that. > And divorcing conn->remote_ip from the CGI/etc gets fearsomely > confusing! There is no option to silently break any app, the only way to get this functionality is for the administrator to actively enable a module like mod_remoteip (or similar module depending on your needs). In the word of load balancers, this behaviour is already well understood and supported. Regards, Graham --