httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sander Hoentjen <san...@hoentjen.eu>
Subject Re: An ask for eyes on proposal
Date Fri, 09 Jun 2017 09:17:22 GMT
On 06/08/2017 07:30 PM, Daniel Ruggeri wrote:
> Hi, all;
> With the proposal to T&R set for Monday, I wanted to draw attention to
> the PROXY protocol proposal in STATUS. Just hoping for a quick review.
> I know it appears to be a large change, but as I worked through the
> feedback, ten of the commits effectively got coded out. What we are
> left with is essentially just the donated code + safety around IPv6 +
> the ability to designate subnets that do not get PROXY processing.
>
> This code has been around a while and I think it would be nice if we
> could incorporate the donated code in the first release since being
> donated.
>
Hi,

While I know I don't have much say in this, since I never really
contributed much I still believe it would be better to specify enabling
Proxy Protocol on a server, not vhost level. Because well, once you
enable it in one vhost it gets enabled for all vhosts using that port/ip
combination.

Here is what I said before about it:

Right now the patch proposes RemoteIPProxyProtocol inside a vhost config, but wouldn't it
be better (since it is connection-specific) to have something like a ProxyProtocolListen directive?
Where you say instead of:
------
<VirtualHost 127.0.0.1:9001>
RemoteIPProxyProtocol On
</VirtualHost>
------
Something like:
------
ProxyProtocolListen 127.0.0.1:9001
or
ProxyProtocolEnable 127.0.0.1:9001
------

IMHO this is much cleaner than within a vhost (because that has side-effects on other vhosts
as well)

What do you guys think?

Regards,
Sander


Mime
View raw message