httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: svn commit: r1704683 - /httpd/httpd/trunk/docs/manual/mod/mod_remoteip.xml
Date Tue, 06 Oct 2015 16:23:07 GMT

> On Oct 6, 2015, at 10:47 AM, Eric Covener <covener@gmail.com> wrote:
> 
> On Tue, Sep 22, 2015 at 11:09 PM, William A Rowe Jr <wrowe@rowe-clan.net> wrote:
>> On Tue, Sep 22, 2015 at 8:48 PM, Eric Covener <covener@gmail.com> wrote:
>>> 
>>> Maybe my followup is better phrased.  No issue with handling of internal
>>> IPs.
>>> 
>>> Currently, we act like RemoteIPTrustedProxy * by default (once they've
>>> named the XFF header) and warn people they'd better restrict it.
>> 
>> 
>> I agree that was not the original design and we should address it with a fix
>> rather than a docs fix, IMHO.  'Trusted' is the exception, not the general
>> case.
> 
> bump. I don't love the idea of changing the 2.4 defaults.

+1

> 
> Current doc already says "Unless these other directives are used,
> mod_remoteip will trust all hosts presenting a RemoteIPHeader IP
> value." so I thought it was wise  to reinforce this in other sections.
>  Doc is not back-ported yet.


Mime
View raw message