httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From William A Rowe Jr <wr...@rowe-clan.net>
Subject Re: svn commit: r1783256 - /httpd/httpd/branches/2.4.x/STATUS
Date Tue, 14 Mar 2017 00:35:25 GMT
On Mon, Mar 13, 2017 at 7:31 PM, William A Rowe Jr <wrowe@rowe-clan.net> wrote:
> On Sat, Mar 11, 2017 at 1:33 PM, Daniel Ruggeri <DRuggeri@primary.net> wrote:
>> This is important for us on two fronts:
>> * For mod_remoteip, we'd have to decide which to use. The current method
>> is to prefer PROXY.
>> * If we add PROXY support to mod_proxy, we have to decide which to propagate
>
> [...]
>
> We support X-F-F to some extent today, but not properly. But because we
> are an HTTP server which can mangle HTTP request metadata, and our
> proxy connections are not remote connection-bound, we should probably
> apply the logic above to generate an RFC7239 Forwarded header. This
> is where we probably collapse all

Whoops, sorry...

"Where we should probably collapse all" trusted proxy data into the alternate
header, and relay all remaining untrusted X-F-F/Forwarded data on to the
client as 'you deal with this'.

Or add a flag to recombine it all and let the backend reprocess it all, but the
entire point of putting httpd somewhere in the chain is to deduplicate and
eliminate useless data and CPU time.

Mime
View raw message