On 06/08/2017 07:30 PM, Daniel Ruggeri wrote: > Hi, all; > With the proposal to T&R set for Monday, I wanted to draw attention to > the PROXY protocol proposal in STATUS. Just hoping for a quick review. > I know it appears to be a large change, but as I worked through the > feedback, ten of the commits effectively got coded out. What we are > left with is essentially just the donated code + safety around IPv6 + > the ability to designate subnets that do not get PROXY processing. > > This code has been around a while and I think it would be nice if we > could incorporate the donated code in the first release since being > donated. > Hi,
While I know I don't have much say in this, since I never really contributed much I still believe it would be better to specify enabling Proxy Protocol on a server, not vhost level. Because well, once you enable it in one vhost it gets enabled for all vhosts using that port/ip combination. Here is what I said before about it: Right now the patch proposes RemoteIPProxyProtocol inside a vhost config, but wouldn't it be better (since it is connection-specific) to have something like a ProxyProtocolListen directive? Where you say instead of: ------ <VirtualHost 127.0.0.1:9001> RemoteIPProxyProtocol On </VirtualHost> ------ Something like: ------ ProxyProtocolListen 127.0.0.1:9001 or ProxyProtocolEnable 127.0.0.1:9001 ------ IMHO this is much cleaner than within a vhost (because that has side-effects on other vhosts as well) What do you guys think? Regards, Sander