You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2016/02/11 17:38:28 UTC

[Bug 53099] feature request for mod_remoteip

https://bz.apache.org/bugzilla/show_bug.cgi?id=53099

--- Comment #2 from William A. Rowe Jr. <wr...@apache.org> ---
Mike, this statement confuses me...

/* If no RemoteIPInternalProxy, RemoteIPInternalProxyList, RemoteIPTrustedProxy
   or RemoteIPTrustedProxyList directive is configured,
   all proxies will be considered as external trusted proxies.
*/

mod_remoteip should not be translating any addresses from an unrecognized
proxy.  These untrusted addresses continue to live in the header they were
presented in (e.g. X-Forwarded-For) for modules to inspect, but must not enter
the authnz scheme of httpd.

Is this an issue with the module's logic (original, or as-patched), or just a
mis-statement?

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org