Re: mood_remoteip ProxyProtocol addition

2017-02-08 Thread Sander Hoentjen
On 02/08/2017 01:00 AM, Reindl Harald wrote: > > > On 08.02.2017 at 00:44, Yann Ylavic wrote: >> On Wed, Feb 8, 2017 at 12:25 AM, Yann Ylavic >> wrote: >>> On Wed, Feb 8, 2017 at 12:01 AM, Reindl Harald >>> wrote: how can you trust as a

Re: mood_remoteip ProxyProtocol addition

2017-02-07 Thread Jordan Gigov
On 8 February 2017 at 01:44, Yann Ylavic wrote: > Actually, I'm not really opposed to set HTTPS=on (according to > mod_remoteip) in the environment *given to the script/CGI* only, if > that's the trigger for it to do the desired thing, this won't be used > by httpd

Re: mood_remoteip ProxyProtocol addition

2017-02-07 Thread Reindl Harald
On 08.02.2017 at 00:44, Yann Ylavic wrote: On Wed, Feb 8, 2017 at 12:25 AM, Yann Ylavic wrote: On Wed, Feb 8, 2017 at 12:01 AM, Reindl Harald wrote: how can you trust as a php application developer that "X-Forwarded-Proto" is trustable and

Re: mood_remoteip ProxyProtocol addition

2017-02-07 Thread Yann Ylavic
On Wed, Feb 8, 2017 at 12:25 AM, Yann Ylavic wrote: > On Wed, Feb 8, 2017 at 12:01 AM, Reindl Harald wrote: >> >> how can you trust as a php application developer that "X-Forwarded-Proto" is >> trustable and not from the enduser client at all - for

Re: mood_remoteip ProxyProtocol addition

2017-02-07 Thread Yann Ylavic
On Wed, Feb 8, 2017 at 12:01 AM, Reindl Harald wrote: > > how can you trust as a php application developer that "X-Forwarded-Proto" is > trustable and not from the enduser client at all - for REMOTE_ADDR you don't > consider "X-Forwarded-For" exactly for that reason I'm

Re: mood_remoteip ProxyProtocol addition

2017-02-07 Thread Reindl Harald
On 07.02.2017 at 23:50, Yann Ylavic wrote: On Tue, Feb 7, 2017 at 11:34 PM, Reindl Harald wrote: On 07.02.2017 at 22:53, Yann Ylavic wrote: I mean the application can know about "X-Forwarded-Proto or whatever" header, it could act with it like it does with

Re: mood_remoteip ProxyProtocol addition

2017-02-07 Thread Yann Ylavic
On Tue, Feb 7, 2017 at 11:34 PM, Reindl Harald wrote: > > On 07.02.2017 at 22:53, Yann Ylavic wrote: >> >> I mean the application can know about "X-Forwarded-Proto or whatever" >> header, it could act with it like it does with HTTPS=on (if it >> wishes) > > for that you

Re: mood_remoteip ProxyProtocol addition

2017-02-07 Thread Reindl Harald
On 07.02.2017 at 22:53, Yann Ylavic wrote: On Tue, Feb 7, 2017 at 10:14 PM, Jordan Gigov wrote: On 7 February 2017 at 22:33, Yann Ylavic wrote: I'm a bit reluctant with these patches, and probably need to be convinced this isn't an application

Re: mood_remoteip ProxyProtocol addition

2017-02-07 Thread Reindl Harald
On 07.02.2017 at 21:33, Yann Ylavic wrote: My point is that we are not changing/masquerading something which is remote here (like the client IP address), we are making so that the applications and httpd itself think they are locally talking SSL/TLS. Thus they will send things like "; Secure"

Re: mood_remoteip ProxyProtocol addition

2017-02-07 Thread Yann Ylavic
On Tue, Feb 7, 2017 at 10:14 PM, Jordan Gigov wrote: > On 7 February 2017 at 22:33, Yann Ylavic wrote: >> I'm a bit reluctant with these patches, and probably need to be >> convinced this isn't an application issue in the first place (why not >> use

Re: mood_remoteip ProxyProtocol addition

2017-02-07 Thread Jordan Gigov
On 7 February 2017 at 22:33, Yann Ylavic wrote: > I'm a bit reluctant with these patches, and probably need to be > convinced this isn't an application issue in the first place (why not > use X-Forwarded-Proto or alike to achieve the same? i.e. generate > https links...), or

Re: mood_remoteip ProxyProtocol addition

2017-02-07 Thread Yann Ylavic
On Tue, Feb 7, 2017 at 7:03 PM, Jordan Gigov wrote: > On 7 February 2017 at 18:08, Sander Hoentjen wrote: >> >> I am trying to have haproxy added in front of our Apache servers, for >> SSL termination. This is not hard to do, and especially with the recent

Re: mood_remoteip ProxyProtocol addition

2017-02-07 Thread Jordan Gigov
On 7 February 2017 at 18:08, Sander Hoentjen wrote: > Hi guys, > > I am trying to have haproxy added in front of our Apache servers, for > SSL termination. This is not hard to do, and especially with the recent > addition of ProxyProtocol support to mod_remoteip it works