httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Ruggeri <>
Subject Re: 2.4.x STATUS needs you!
Date Thu, 14 Dec 2017 01:50:18 GMT
Aye, I had originally added the support for PROXY in remoteip since... well... it's used to
extract remote IP info. The funny part is that I had committed my additions within an hour
of the third party code being donated and incorporated without realizing it... so I removed
my changes and added this code into remoteip with some small fixes.

I'm a bit confused. I don't recall so much opposition to this being in remoteip. It seems
reasonable to me since it's just another way to get remote client IP information from the
connection versus an HTTP header. Worth pointing out is that it can be argued that both are
operating at layer 7 since there doesn't seem to be universal agreement as to whether TLS
is layer 6 or 7... one method of IP extraction just happens to be layer 7 data that proceeds
TLS while the other is layer 7 data wrapped in TLS inside an HTTP request. Academic discussion
of OSI layers aside, it still feels "right" to me as a user and server admin to expect mod_remoteip
to be the one place I would go to enable extraction of remote IP info. I'm not exactly firm
on this... I would rather just see the functionality in the server... but hopefully that at
least clarifies how we wound up in this neighborhood to begin with.

As for the whitelist/blacklist thoughts, I don't completely follow the preference for enabling
specific ranges and also having a blacklist rather than the current "enable for everything
except these ranges". Bill, can you add a bit more color here? We're probably closer in thought
process than not... I just can't connect the dots. To my knowledge, we are the only server
even evaluating something more than just on or off... which I think is pretty cool and a sign
of innovation.

Personally, I want to see this in the server... It appears we have either silent opposition
to the patch or just a lack of interest from other committers, so I appreciate that Stefan
is pointing these things out. I *hope* I can spend some time on it in the coming weeks, but
I've been poking at this particular patch for about a year now and have a short attention
span. Hopefully enough feedback and work can be done soon to get *someone* comfortable enough
for another +1.
Daniel Ruggeri

On December 13, 2017 6:19:43 AM CST, William A Rowe Jr <> wrote:
>On Wed, Dec 13, 2017 at 6:17 AM, Jim Jagielski <> wrote:
>> On Dec 13, 2017, at 1:02 AM, Jordan Gigov <> wrote:
>> On 12 December 2017 at 11:32, Stefan Eissing
>> wrote:
>>> Fellow Apache developers: if we want to make an X-mas 2.4 release
>for the
>>> people on this planet, the backports in STATUS need your attention:
>>> B2: mod_remoteip: Add PROXY protocol support
>>>   - needs 1 more vote!
>> I find that trying to have both Proxy Protocol and the old remoteip
>> functionality in the same mod is harder to maintain. I propose that
>they be
>> split up before an official release.
>> IIRC, that was the way it was. OtherBill wanted the functionality
>> in mod_remoteip.
>Oh, no, you most definitely mis-remember. It was presented as a
>addition from the get-go.

View raw message