httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <h.rei...@thelounge.net>
Subject Re: mod_remoteip
Date Mon, 09 Dec 2013 19:05:49 GMT


Am 09.12.2013 20:00, schrieb Jeff Trawick:
> On Mon, Dec 9, 2013 at 1:52 PM, Reindl Harald <h.reindl@thelounge.net <mailto:h.reindl@thelounge.net>>
wrote:
> 
>     Am 09.12.2013 19:28, schrieb Jim Jagielski:
>     > This seems kinda serious....
>     >
>     >       https://issues.apache.org/bugzilla/show_bug.cgi?id=55635
>     >
>     > any remoteip people able to look into this?
> 
>     i am willing to debug but i need a simplified
>     step-to-step what to look for and how to
>     reproduce if possible at all
> 
>     the mod_remoteip config looks like below
> 
>     RemoteIPHeader         X-Forwarded-For
>     RemoteIPInternalProxy  <LAN-IP of own http://trafficserver.apache.org/>
>     RemoteIPProxiesHeader  X-Forwarded-For
> 
> Has anyone read the explanation that Mike put in the bug?

yes i did read it but honestly i do not completly understand it
maybe language barrier involved :-(

my general understanding is that with the config above only if the
connecting real-IP of the proxy is listed in "RemoteIPInternalProxy"
the last IP of "X-Forwarded-For" and any other case of "X-Forwarded-For"
should be completly ignored

i am not completly sure that the bugreport speaks about bypassing
this safety net and in which circumstance or a different border
case not happening in the setup above at all


Mime
View raw message