https://bz.apache.org/bugzilla/show_bug.cgi?id=61355
--- Comment #6 from William A. Rowe Jr. <[email protected]> --- In general I like the patch very much. But there is a problem with the proposal; + <example><title>Proxy Example</title> + <highlight language="config"> + RemoteIPProtoHeader X-Forwarded-Proto + </highlight> + </example> Can you suggest any case where it would be legitimate to accept a different protocol other than the true protocol used to deliver the request across the internet? This seems like an entirely-intranet convention, should use only the trusted Internal proxy list, and accept any protocol (not only HTTPS) presented by that internal gateway agent. WDYT? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
