On 17 July 2016 at 16:22, adiran <[email protected]> wrote: > Ok, this makes a little more sense. So in an environment with many > smart-proxies, the IP of each one would need to be included in this regexp? > > I just assumed that foreman would take care of accepting X-Forwarded-For > from smart-proxy IPs which are registered, since it already knows about > them. >
I'm away from my desk, so I'm working from memory, but I think this predates the smart-proxy-auth system that came in later for validating things like ENC requests from valid proxies. The main issue there is that the proxy-auth relies on validating the names in the SSL certificate - templates usually aren't acquired over https, so this wouldn't work here. It might be possible to adapt / re-use some of those ideas though - I do agree that it's non-intuitive compared to how ENC/reports works. > This setting could use a little more detail in the manual, glad you recall. > Sure, feel free - https://github.com/theforeman/theforeman.org/blob/gh-pages/_includes/manuals/1.12/3.5.2_configuration_options.md :) Greg -- You received this message because you are subscribed to the Google Groups "foreman-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
