> Not necessarily. The closest immediate proxy is the last entry in that
> list. You might not trust all of the machines in that proxy chain to provide
> legitimate IP details.

In my case, x-forwarded-for: 1.2.3.4, 10.122.47.36, 1.2.3.4 was my browser IP and 10.122.47.36 EC2 IP. The Valve is not activated by default and should only be used in the Amazon Load Balancing case.

> mod_remoteip has the concept of trusted vs. untrusted proxies, where only the
> trusted ones will be allowed to present the next-immediate-left IP address as
> a legitimate proxy address, and that IP is then compared to the trust list.
> So you might trust yahoo or google's proxy servers, but not your typically
> pwned user PC which is relaying spam or being employed as a DDoS agent.

x-forwarded-server: domU-12-31-38-00-B2-08.compute-1.internal is a trusted server, aka EC2 box.

So +1 to have this on RemoteIpFilter/Valve, a unique filter/valve to handle such cases.

Mark, do you need a code contribution on the RemoteIp Valve?
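
The right-to-left trust walk described in the quoted text, as an added example that is not part of the original message and is not Tomcat's or mod_remoteip's code. The trust list, the peer addresses and the sample headers are constructed; the function names are hypothetical.

```python
import ipaddress

# Constructed trust list (assumption): the internal range the balancers live in.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr parses as an IP and falls inside a trusted network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in trusted)


def resolve_client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return (client_ip, unverified_entries).

    Start from the TCP peer. While the current address is a trusted proxy,
    accept the right-most remaining X-Forwarded-For entry as the next hop.
    Stop at the first untrusted address: everything left of it was supplied
    by a machine we do not trust and is returned only as unverified data.
    """
    entries = [e.strip() for e in (xff_header or "").split(",") if e.strip()]
    client = peer_addr
    while entries and is_trusted(client, trusted):
        try:
            ipaddress.ip_address(entries[-1])
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        client = entries.pop()
    return client, entries


if __name__ == "__main__":
    # Constructed samples: (TCP peer, X-Forwarded-For value)
    samples = [
        ("10.0.0.5", "1.2.3.4, 10.122.47.36"),               # two trusted hops
        ("10.0.0.5", "203.0.113.7, 1.2.3.4, 10.122.47.36"),  # extra left entry
        ("198.51.100.9", "1.2.3.4"),                         # untrusted peer
    ]
    for peer, xff in samples:
        print(peer, "|", xff, "->", resolve_client_ip(peer, xff))
```
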