On Tue, Sep 22, 2015 at 8:48 PM, Eric Covener <[email protected]> wrote:
> Maybe my followup is better phrased. No issue with handling of internal > IPs. > > Currently, we act like RemoteIPTrustedProxy * by default (once they've > named the XFF header) and warn people they'd better restrict it. > I agree that was not the original design and we should address it with a fix rather than a docs fix, IMHO. 'Trusted' is the exception, not the general case.
