On Wed, Apr 02, 2008 at 11:45:59AM +0100, Dagfinn Ilmari Mannsåker wrote:
> Bill Moseley <[EMAIL PROTECTED]> writes:
>
> > On Tue, Apr 01, 2008 at 11:38:15PM -0400, Andy Grundman wrote:
> >>
> >> When using X-Forwarded-For you cannot trust any value that is not
> >> added by your own upstream proxy, so we only want to use the last
> >> value in the list.
> >
> > Ah, right. In this case I've got more than one proxy which
> > that code doesn't expect. I can find a work-around.
>
> How about patching C::Engine::Apache to take a list of proxy IPs in its
> config and use the last IP in the header that is not among these?
Yes, that's probably the best solution.
For now I need to fix-up the proxy headers for use with Perlbal
anyway, so I'll just override prepare_headers and update
$c->req->address there.
But speaking of patching, there's this bit of code to not include the
default port:
if ( $port != 80 && $host !~ /:/ ) {
$host .= ":$port";
}
What about the same for 443 and https? Most browsers will remove the
default port, so not a huge issue. But, something like:
unless ( $host =~ /:/ ) {
$host .= ":$port"
if ( $c->req->secure && $port != 443 )
|| ( !$c->req->secure && $port != 80 )
}
--
Bill Moseley
[EMAIL PROTECTED]
_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
