On Wed, Feb 15, 2017 at 9:02 AM, Sander Hoentjen <san...@hoentjen.eu> wrote: > > mod_remote ip has: > /* mod_proxy creates outgoing connections - we don't want those */ > if (!remoteip_is_server_port(c->local_addr->port)) { > return DECLINED; > } > I am guessing something similar is needed for h2 connections?
I suspect that the mod_remoteip logic is wrong, that it should be guarding against any subordinate connections and examining only explicitly configured ports / origin IPs. the PROXY protocol is not part of the HTTP protocol and incompatible with it, so the trust list logic isn't directly compatible (this is clearly explained in the PROXY pseudo-RFC.)