tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Cannot set remote address in valve (Tomcat 5.5)
Date Fri, 09 Oct 2009 15:49:03 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cyrille,

On 10/9/2009 9:16 AM, Cyrille Le Clerc wrote:
> An idea to mitigate this risk is to ask the network team to remove
> some http headers at the entry of the platform (x-forwarded-for,
> x-forwarded-proto, x-forwarded-... )

This makes a lot of sense, except that there might be some legitimate
proxies in the path that shouldn't be removed.

>> Uh.... huh? That seems counter-intuitive to trust the first untrusted IP
>> address you find. I'll read about mod_remoteip and see what it's all about.
> 
> My mistake, I forgot to mention that it was evaluating from the right
> to the left.

Aah, that makes more sense. Thanks for the clarification.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrPW28ACgkQ9CaO5/Lv0PA3ogCePMOOeDkuEwYbYdYAVhmKBDG5
t9YAnRVRhuqun7gd8mujA+xV/pFzNc2t
=//Jq
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message