On 08.05.2013 12:21, Sander Klein wrote:
Hey,
You have the optional argument "if-none" for "option forwardfor",
but you should not do this with external proxies whose addresses
you don't know because anyone could pass one and fool you.
This doesnt feel like a good option ;-)
In practice you would need them to pass you some information to
prove the request comes from them. The best way to do this is to
do it over ssl.
Well, I know which networks they are using since the provide them on
their website. That might be prove enough
I didn't test if it's possible to do 'option forwardfor except
192.168.1.0/24 192.168.2.0/24 etc...'
Even better would be to load it from a file.
Maybe the option from Finn Arne Gangstad might prove good enough for
me and I can fix it with some reqidel statements.
I just found out that they also send an CF-Connecting-IP header. Is
there a way to copy the contents of this header to the X-Forwarded-For
header?
Regards,
Sander
