Aye, I had originally added the support for PROXY in remoteip since... well... 
it's used to extract remote IP info. The funny part is that I had committed my 
additions within an hour of the third party code being donated and incorporated 
without realizing it... so I removed my changes and added this code into 
remoteip with some small fixes.

I'm a bit confused. I don't recall so much opposition to this being in 
remoteip. It seems reasonable to me since it's just another way to get remote 
client IP information from the connection versus an HTTP header. Worth pointing 
out is that it can be argued that both are operating at layer 7 since there 
doesn't seem to be universal agreement as to whether TLS is layer 6 or 7... one 
method of IP extraction just happens to be layer 7 data that proceeds TLS while 
the other is layer 7 data wrapped in TLS inside an HTTP request. Academic 
discussion of OSI layers aside, it still feels "right" to me as a user and 
server admin to expect mod_remoteip to be the one place I would go to enable 
extraction of remote IP info. I'm not exactly firm on this... I would rather 
just see the functionality in the server... but hopefully that at least 
clarifies how we wound up in this neighborhood to begin with.

As for the whitelist/blacklist thoughts, I don't completely follow the 
preference for enabling specific ranges and also having a blacklist rather than 
the current "enable for everything except these ranges". Bill, can you add a 
bit more color here? We're probably closer in thought process than not... I 
just can't connect the dots. To my knowledge, we are the only server even 
evaluating something more than just on or off... which I think is pretty cool 
and a sign of innovation.

Personally, I want to see this in the server... It appears we have either 
silent opposition to the patch or just a lack of interest from other 
committers, so I appreciate that Stefan is pointing these things out. I *hope* 
I can spend some time on it in the coming weeks, but I've been poking at this 
particular patch for about a year now and have a short attention span. 
Hopefully enough feedback and work can be done soon to get *someone* 
comfortable enough for another +1.
Daniel Ruggeri

On December 13, 2017 6:19:43 AM CST, William A Rowe Jr <wr...@rowe-clan.net> 
>On Wed, Dec 13, 2017 at 6:17 AM, Jim Jagielski <j...@jagunet.com> wrote:
>> On Dec 13, 2017, at 1:02 AM, Jordan Gigov <colad...@gmail.com> wrote:
>> On 12 December 2017 at 11:32, Stefan Eissing
>> wrote:
>>> Fellow Apache developers: if we want to make an X-mas 2.4 release
>for the
>>> people on this planet, the backports in STATUS need your attention:
>>> B2: mod_remoteip: Add PROXY protocol support
>>>   - needs 1 more vote!
>> I find that trying to have both Proxy Protocol and the old remoteip
>> functionality in the same mod is harder to maintain. I propose that
>they be
>> split up before an official release.
>> IIRC, that was the way it was. OtherBill wanted the functionality
>> in mod_remoteip.
>Oh, no, you most definitely mis-remember. It was presented as a
>addition from the get-go.

Reply via email to