Hi,
Alternatively, you could
accept X-Forwarded-For by default when the remote address is the local host. That should take care of the most common setup.
Yes, when X-Forwarded-For is not the localhost, and Remote_Address is the localhost. Most probably this is not IP forgery in this case. It might be a good idea to cut the X-FORWARDED-* headers by the webserver if it does not sit behind a reverse proxy.
And more important, please take into consideration the HTTP_FORWARDED_REQUEST_URI (if present). Without it all links generated by fossil are wrong , they miss exactly the proxied URL base.
-Alexandru Toth www.snowflakejoins.com _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
