httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From William A Rowe Jr <wr...@rowe-clan.net>
Subject Re: mod_remoteip and mod_http2 combined
Date Wed, 29 Mar 2017 21:44:48 GMT
On Wed, Mar 29, 2017 at 4:43 PM, William A Rowe Jr <wrowe@rowe-clan.net> wrote:
>
> It would be nice if the mod_remoteip patch to PROXY protocol followed the
> security advisories of the PROXY draft security comments, and we rip out the
> 'optional' mode. The remaining objection is around the ambiguity of 'optional'
> (which can't exist) and the objection that how PROXY works as an implicit
> trust model using mod_remoteip is laughable, since the connection cannot
> be established without some PROXY protocol line interceptor yanking the
> garbage out of otherwise well-formed HTTP/1.1 - HTTP-TLS - h2c - h2 input.
>
> There is no 'untrusted PROXY header input' because that isn't part of the
> HTTP protocol and that garbage generates a 400 without an interceptor.
> No problem declaring that if we are willing to decode it, we will accept the
> input as gospel.

(By this measure, I'm dropping any objection to also setting HTTPS TLS
content trust flags, although mod_ssl would typically provide much more
information about which server and client certificates had been presented
and what cipher is in use.)

Mime
View raw message