On Tue, 15 Mar 2005, Joshua Slive wrote: > Date: Tue, 15 Mar 2005 08:48:35 -0500 > From: Joshua Slive <[EMAIL PROTECTED]> > Reply-To: [email protected] > To: [email protected] > Subject: Re: feature proposal > > Jie Gao wrote: > > > Yes, there is a security concern with that setup. I can only trust > > X-Forwarded-For when the request is proxied from my front-end server. > > In addition to DW's suggestion, mod_rewrite could easily do this type of > conditional check. > > > > > Really, to think of it, this feature is a bit tricky to add: on the one > > hand, Apache knows who it is talking to and on the other hand, it needs > > to let the acl mechanism know the client is really another one. > > Which is exactly the reason this shouldn't be a core feature. Getting > the security right is tricky, and would probably be impossible to do in > a general way (without knowledge of the specific forwarding setup). > > >>is probably a module that will do it for you, however. > > > > > > I could write the module myself, but the point is I cannot touch (read: > > recompile) the backend server > > But if you have mod_so, you don't need to recompile the server. The vendors won't give you any info how their apache is configured/compiled: They won't give you apxs. Regards, Jie
