Posted to cvs@httpd.apache.org by wr...@apache.org on 2009/02/27 22:07:35 UTC

svn commit: r748698 - /httpd/sandbox/mod_remoteip/README

Author: wrowe
Date: Fri Feb 27 21:07:34 2009
New Revision: 748698

URL: http://svn.apache.org/viewvc?rev=748698&view=rev
Log:
more thoughts

Modified:
    httpd/sandbox/mod_remoteip/README

Modified: httpd/sandbox/mod_remoteip/README
URL: http://svn.apache.org/viewvc/httpd/sandbox/mod_remoteip/README?rev=748698&r1=748697&r2=748698&view=diff
==============================================================================
--- httpd/sandbox/mod_remoteip/README (original)
+++ httpd/sandbox/mod_remoteip/README Fri Feb 27 21:07:34 2009
@@ -57,3 +57,35 @@
 
  * http://meta.wikimedia.org/wiki/XFF_project
 
+
+
+There is a second tier of issues.  We may wish to recognize private IP
+addresses, but only when presented by a specific private proxy or group of 
+private proxies.  E.g. one or more intranets may be of interest, but on balance 
+most are not, even coming from otherwise trusted public proxies.  RFC 1918 
+defines these as 10./8, 172.16./12 and 192.168./16, and even 127./8 may be 
+of interest for purposes of testing or remoting one particular box.
+
+If a given proxy is trusted, but not one of our private proxies, and indicates
+that its immediate X-Forwarded-For pointer is within a private subnet, that
+translation should not occur, and the proxy itself should be treated as the 
+client remote IP.  
+
+There is another option that presents itself as suggested by the XFF_project
+crew, which is to create a representation of the IP as {private}-via-{public}
+resolutions, which could serve as a uniquifier within the private domain for
+various bandwidth and access control purposes.  That's pretty far down in the
+TODO, as it requires some different (and possibly unexpected) handling of the 
+conn_rec fields.  Because the representation of conn_rec->remote_ip in the 
+private address space is often used, e.g. for Allow from 10. syntax to protect
+intranet resources, some other representation in remote_ip must be used.
+
+
+Additional security considerations;
+
+  * Trust is absolute.  If the trusted proxy is subject to an MITM attack,
+    or blindly trusts a request X-Forwarded-For field without appending its
+    own address, the server will falsely evaluate such a chain.
+
+
+ 
\ No newline at end of file
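Review bot: the paragraph beginning "If a given proxy is trusted, but not one of our private proxies" should state explicitly that the X-Forwarded-For walk terminates at that hop, not just that the private entry is skipped; as written, "that translation should not occur" could be read as skipping one entry while continuing to honour entries further left, which is exactly the falsely evaluated chain the "Trust is absolute" bullet warns about. Consider also saying how 127./8 is treated by that rule, since the first paragraph lists it as "of interest" alongside the RFC 1918 ranges but the rule only speaks of "a private subnet". Minor: "Additional security considerations;" wants a colon rather than a semicolon, and the hunk ends with two blank lines plus a whitespace-only line and no trailing newline; drop the extra blank lines and terminate the file with a newline.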