https://bz.apache.org/bugzilla/show_bug.cgi?id=53099
--- Comment #4 from William A. Rowe Jr. <[email protected]> --- This is a good suggestion, but I think we should take this one step further... RemoteIPInternalHeader X-RemoteIP RemoteIPHeader X-Forwarded-For, X-Forward In the absence of an RemoteIPInternalHeader list, the RemoteIPHeader list would be used instead to unwind the forwarded addresses for RemoteIPInternalProxy members. When the RemoteIPInternalHeader list is exhausted, the RemoteIPInternalProxy list would continue to be honored, but treated as trusted external proxies, for purposes of dis-honoring private IP addresses. This should ensure maximum compatibility with existing configurations and offer the fewest unintended consequences of a misconfiguration. It's unclear to me if https://tools.ietf.org/html/rfc7239 will see widespread adoption and how it would interact with older conventions. The header "Forwarded" could be treated as a special-case, supporting the new RFC, but deciphered in the order it appears. (I imagine it would typically be first where the immediate proxies which are trusted have adopted the convention). Sadly, https://tools.ietf.org/html/rfc7239#section-7.4 is less than helpful on this subject :) -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
