On 21 Mar 2012, at 21:46, Stefan Fritsch wrote: > But one thing that would be very interesting in this case, namely the > X-Forwarded-For header, is something that most admins of a reverse-proxied > site do NOT want to disclose at the end-point. They may also not want to > reveal other headers sent from the reverse proxy to the end-point.
The same may apply to Via: … and in both cases the answer may be to disable or restrict the TRACE method. But isn't this more a documentation issue than an argument for changing the compiled-in default? -- Tim Bannister – [email protected]
smime.p7s
Description: S/MIME cryptographic signature
