On 02/08/2017 01:00 AM, Reindl Harald wrote:
>
>
> Am 08.02.2017 um 00:44 schrieb Yann Ylavic:
>> On Wed, Feb 8, 2017 at 12:25 AM, Yann Ylavic
>> wrote:
>>> On Wed, Feb 8, 2017 at 12:01 AM, Reindl Harald
>>> wrote:
how can you trust as a
On 8 February 2017 at 01:44, Yann Ylavic wrote:
> Actually, I'm not really opposed to set HTTPS=on (according to
> mod_remoteip) in the environment *given to the script/CGI* only, if
> that's the trigger for it to do the desired thing, this won't be used
> by httpd
Am 08.02.2017 um 00:44 schrieb Yann Ylavic:
On Wed, Feb 8, 2017 at 12:25 AM, Yann Ylavic wrote:
On Wed, Feb 8, 2017 at 12:01 AM, Reindl Harald wrote:
how can you trust as a php application developer that "X-Forwarded-Proto" is
trustable and
On Wed, Feb 8, 2017 at 12:25 AM, Yann Ylavic wrote:
> On Wed, Feb 8, 2017 at 12:01 AM, Reindl Harald wrote:
>>
>> how can you trust as a php application developer that "X-Forwarded-Proto" is
>> trustable and not from the enduser client at all - for
On Wed, Feb 8, 2017 at 12:01 AM, Reindl Harald wrote:
>
> how can you trust as a php application developer that "X-Forwarded-Proto" is
> trustable and not from the enduser client at all - for REMOTE_ADDR you don't
> consider "X-Forwarded-For" exactly for that reason
I'm
Am 07.02.2017 um 23:50 schrieb Yann Ylavic:
On Tue, Feb 7, 2017 at 11:34 PM, Reindl Harald wrote:
Am 07.02.2017 um 22:53 schrieb Yann Ylavic:
I mean the application can know about "X-Forwarded-Proto or whatever"
header, it could act with it like it does with
On Tue, Feb 7, 2017 at 11:34 PM, Reindl Harald wrote:
>
> Am 07.02.2017 um 22:53 schrieb Yann Ylavic:
>>
>> I mean the application can know about "X-Forwarded-Proto or whatever"
>> header, it could act with it like it does with HTTPS=on (if it
>> wishes)
>
> for that you
Am 07.02.2017 um 22:53 schrieb Yann Ylavic:
On Tue, Feb 7, 2017 at 10:14 PM, Jordan Gigov wrote:
On 7 February 2017 at 22:33, Yann Ylavic wrote:
I'm a bit reluctant with these patches, and probably need to be
convinced this isn't an application
Am 07.02.2017 um 21:33 schrieb Yann Ylavic:
My point is that we are not changing/masquarading something which is
remote here (like the client IP address), we are making so that the
applications and httpd itself think they are locally talking SSL/TLS.
Thus they will send things like "; Secure"
On Tue, Feb 7, 2017 at 10:14 PM, Jordan Gigov wrote:
> On 7 February 2017 at 22:33, Yann Ylavic wrote:
>> I'm a bit reluctant with these patches, and probably need to be
>> convinced this isn't an application issue in the first place (why not
>> use
On 7 February 2017 at 22:33, Yann Ylavic wrote:
> I'm a bit reluctant with these patches, and probably need to be
> convinced this isn't an application issue in the first place (why not
> use X-Forwarded-Proto or alike to achieve the same? i.e. generate
> https links...), or
On Tue, Feb 7, 2017 at 7:03 PM, Jordan Gigov wrote:
> On 7 February 2017 at 18:08, Sander Hoentjen wrote:
>>
>> I am trying to have haproxy added in front of our Apache servers, for
>> SSL termination. This is not hard to do, and especially with the recent
On 7 February 2017 at 18:08, Sander Hoentjen wrote:
> Hi guys,
>
> I am trying to have haproxy added in front of our Apache servers, for
> SSL termination. This is not hard to do, and especially with the recent
> addition of ProxyProtocol support to mod_remoteip it works
Hi guys,
I am trying to have haproxy added in front of our Apache servers, for
SSL termination. This is not hard to do, and especially with the recent
addition of ProxyProtocol support to mod_remoteip it works almost as we
need it.
Unfortunately we have a lot of users that use things like:
14 matches
Mail list logo