Package: apache2
Version: 2.2.3-3.3
Severity: wishlist
When running apache2 from behind a proxy, the default log format
does not honor the X-Forwarded-For header. The attached patch modifies
the default format so that it is honored when present and has no effect
when not present.
---
+SetEnvIfNoCase X-Forwarded-For . from_proxy=1
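Review bot: the pattern `.` on this line matches any non-empty X-Forwarded-For value, so from_proxy=1 is set for every request that carries the header, whichever host opened the connection. Make the variable depend on the connecting address being a known proxy (SetEnvIf can match on Remote_Addr), or ship the line commented out with a note that it is only safe behind a proxy that overwrites the header.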
This is horribly insecure for normal setups without proxy. Any client
could set X-Forwarded-For and modify the logged IP address.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
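The objection in the reply above, as an added example (not code from the bug report or from Apache): a log-address resolver that honors X-Forwarded-For only when the connecting peer is a known proxy. The function names and the proxy address 192.0.2.10 are hypothetical, constructed for illustration.

```python
import ipaddress

# Constructed sample: the only reverse proxy allowed to supply X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr (a string) parses as an IP inside a trusted proxy network."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in trusted)


def logged_client_ip(peer_ip, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address to write to the access log.

    peer_ip    -- address of the TCP peer
    xff_header -- raw X-Forwarded-For value, or None when absent
    """
    # Direct connection, or peer is not our proxy: the header is
    # client-controlled, so ignore it and log the socket address.
    if not xff_header or not is_trusted(peer_ip, trusted):
        return peer_ip
    # Each proxy appends the address it received the request from, so walk
    # right to left and stop at the first hop that is not one of our proxies.
    for hop in reversed(xff_header.split(",")):
        hop = hop.strip()
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            # Malformed entry: nothing to the left of it can be trusted either.
            return peer_ip
        if not is_trusted(hop, trusted):
            return hop
    # Every hop was one of our own proxies; fall back to the peer.
    return peer_ip
```
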
Stefan Fritsch [EMAIL PROTECTED] writes:
+SetEnvIfNoCase X-Forwarded-For . from_proxy=1
This is horribly insecure for normal setups without proxy. Any client
could set X-Forwarded-For and modify the logged IP address.
I understand. Could this line be added and commented out so that
#
# bts-link upstream status pull for source package apache2
# see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
#
user [EMAIL PROTECTED]
# remote status report for #353443
# * http://issues.apache.org/bugzilla/show_bug.cgi?id=12355
# * remote status changed: (?) -
The /etc/apache2/README file from sarge's apache2-common should be part
of edgy's apache2.2-common as well.
--Ted