https://bz.apache.org/bugzilla/show_bug.cgi?id=53099
--- Comment #2 from William A. Rowe Jr. <[email protected]> --- Mike, this statement confuses me... /* If no RemoteIPInternalProxy, RemoteIPInternalProxyList, RemoteIPTrustedProxy or RemoteIPTrustedProxyList directive is configured, all proxies will be considered as external trusted proxies. */ mod_remoteip should not be translating any addresses from an unrecognized proxy. These untrusted addresses continue to live in the header they were presented in (e.g. X-Forwarded-For) for modules to inspect, but must not enter the authnz scheme of httpd. Is this an issue with the module's logic (original, or as-patched), or just a mis-statement? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
