httpd-dev mailing list archives

From "William A. Rowe Jr." <wr...@rowe-clan.net>
Subject Re: mod_remoteip
Date Wed, 11 Dec 2013 22:18:08 GMT
On Mon, 09 Dec 2013 11:10:46 -0800
Mike Rumph <mike.rumph@oracle.com> wrote:

> As you can see from the bug report, I have been looking into this.
> It might also be important to consider the related bug 55637:
> - https://issues.apache.org/bugzilla/show_bug.cgi?id=55637

Closed invalid.  The incorrect assumptions are very similar to but
distinct from the 55635 case.

In this case, let's use a car's title as its internal proxy document
and the car's ignition keys as the trusted proxy document.  Although 
you might trust one with your car keys, they can go ahead and share
those keys with yet another party.  We would not want to design the
remoteip logic to then let that individual hand another party the title
to the vehicle :)  Once the InternalProxy list is exhausted and we have
begun processing the TrustedProxy list, we can never again assign the
next apparent proxy to be an InternalProxy.  That would be a claim by
an external party whom we can't assign that much trust to.

> The setups so far have not included a RemoteIPProxiesHeader.
> But if it is included, the mod_remote documentation seems to indicate 
> that the value should be different from the RemoteIPHeader.
> - http://httpd.apache.org/docs/trunk/mod/mod_remoteip.html#remoteipproxiesheader
>
> RemoteIPHeader  X-Forwarded-For
> RemoteIPProxiesHeader  X-Forwarded-By

You are correct.

> From my analysis so far it appears that mod_remoteip is behaving as
> documented. But the documentation is a little difficult to understand.

Correct, and I'm not sure how it can be improved.  Feel free to quote,
rephrase or build upon my responses to the bug tickets.
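
The one-way rule described in the message above, as an added example that is not part of the original email and is not mod_remoteip's source code: a simplified Python model of the right-to-left walk over X-Forwarded-For. The function names, sample networks and sample requests are constructed; the private blocks are the IPv4 ones the mod_remoteip documentation lists for RemoteIPTrustedProxy (IPv6 is not modelled).

```python
import ipaddress

# IPv4 blocks the mod_remoteip docs say are not accepted from a RemoteIPTrustedProxy.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "127.0.0.0/8")]

def in_any(addr, nets):
    return any(addr in net for net in nets)

def resolve_client(peer, forwarded_for, internal_nets, trusted_nets):
    """Return (client, proxies, unprocessed) for one request (hypothetical helper)."""
    internal = [ipaddress.ip_network(n) for n in internal_nets]
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    hops = [h.strip() for h in forwarded_for.split(",") if h.strip()]
    current = ipaddress.ip_address(peer)
    proxies = []
    internal_ok = True  # one-way flag: True -> False, never back
    while hops:
        listed_internal = in_any(current, internal)
        if not (listed_internal or in_any(current, trusted)):
            break  # current is not a known proxy, so it is the client
        if not listed_internal:
            internal_ok = False  # TrustedProxy processing has begun
        try:
            claimed = ipaddress.ip_address(hops[-1])
        except ValueError:
            break  # unparsable entry: stop and leave it unprocessed
        if not internal_ok and in_any(claimed, PRIVATE):
            break  # an external party cannot vouch for an intranet address
        proxies.append(str(current))
        current = claimed
        hops.pop()
    return str(current), proxies, hops

# Constructed sample configuration and requests (documentation address ranges).
INTERNAL = ["10.0.0.0/8", "198.51.100.0/24"]   # as RemoteIPInternalProxy
TRUSTED = ["203.0.113.0/24"]                   # as RemoteIPTrustedProxy

def demo():
    all_internal = resolve_client("10.0.0.5", "192.168.1.20, 10.0.0.9", INTERNAL, TRUSTED)
    via_external = resolve_client("198.51.100.5", "10.1.2.3, 198.51.100.9, 203.0.113.7", INTERNAL, TRUSTED)
    return all_internal, via_external

if __name__ == "__main__":
    for result in demo():
        print(result)
```

In the second request, 198.51.100.9 is on the internal list but was presented by the external proxy 203.0.113.7, so the flag stays down and the intranet address 10.1.2.3 it reports is left unprocessed instead of becoming the client.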
