You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2016/02/11 17:38:28 UTC
[Bug 53099] feature request for mod_remoteip
https://bz.apache.org/bugzilla/show_bug.cgi?id=53099
--- Comment #2 from William A. Rowe Jr. <wr...@apache.org> ---
Mike, this statement confuses me...
/* If no RemoteIPInternalProxy, RemoteIPInternalProxyList, RemoteIPTrustedProxy
or RemoteIPTrustedProxyList directive is configured,
all proxies will be considered as external trusted proxies.
*/
mod_remoteip should not be translating any addresses from an unrecognized
proxy. These untrusted addresses continue to live in the header they were
presented in (e.g. X-Forwarded-For) for modules to inspect, but must not enter
the authnz scheme of httpd.
Is this an issue with the module's logic (original, or as-patched), or just a
mis-statement?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org