Re: mood_remoteip ProxyProtocol addition

On 02/08/2017 01:00 AM, Reindl Harald wrote: > > > Am 08.02.2017 um 00:44 schrieb Yann Ylavic: >> On Wed, Feb 8, 2017 at 12:25 AM, Yann Ylavic >> wrote: >>> On Wed, Feb 8, 2017 at 12:01 AM, Reindl Harald >>> wrote: how can you trust as a

Re: mood_remoteip ProxyProtocol addition

On 8 February 2017 at 01:44, Yann Ylavic wrote: > Actually, I'm not really opposed to set HTTPS=on (according to > mod_remoteip) in the environment *given to the script/CGI* only, if > that's the trigger for it to do the desired thing, this won't be used > by httpd

Re: mood_remoteip ProxyProtocol addition

Am 08.02.2017 um 00:44 schrieb Yann Ylavic: On Wed, Feb 8, 2017 at 12:25 AM, Yann Ylavic wrote: On Wed, Feb 8, 2017 at 12:01 AM, Reindl Harald wrote: how can you trust as a php application developer that "X-Forwarded-Proto" is trustable and

Re: mood_remoteip ProxyProtocol addition

On Wed, Feb 8, 2017 at 12:25 AM, Yann Ylavic wrote: > On Wed, Feb 8, 2017 at 12:01 AM, Reindl Harald wrote: >> >> how can you trust as a php application developer that "X-Forwarded-Proto" is >> trustable and not from the enduser client at all - for

Re: mood_remoteip ProxyProtocol addition

On Wed, Feb 8, 2017 at 12:01 AM, Reindl Harald wrote: > > how can you trust as a php application developer that "X-Forwarded-Proto" is > trustable and not from the enduser client at all - for REMOTE_ADDR you don't > consider "X-Forwarded-For" exactly for that reason I'm

Re: mood_remoteip ProxyProtocol addition

Am 07.02.2017 um 23:50 schrieb Yann Ylavic: On Tue, Feb 7, 2017 at 11:34 PM, Reindl Harald wrote: Am 07.02.2017 um 22:53 schrieb Yann Ylavic: I mean the application can know about "X-Forwarded-Proto or whatever" header, it could act with it like it does with

Re: mood_remoteip ProxyProtocol addition

On Tue, Feb 7, 2017 at 11:34 PM, Reindl Harald wrote: > > Am 07.02.2017 um 22:53 schrieb Yann Ylavic: >> >> I mean the application can know about "X-Forwarded-Proto or whatever" >> header, it could act with it like it does with HTTPS=on (if it >> wishes) > > for that you

Re: mood_remoteip ProxyProtocol addition

Am 07.02.2017 um 22:53 schrieb Yann Ylavic: On Tue, Feb 7, 2017 at 10:14 PM, Jordan Gigov wrote: On 7 February 2017 at 22:33, Yann Ylavic wrote: I'm a bit reluctant with these patches, and probably need to be convinced this isn't an application

Re: mood_remoteip ProxyProtocol addition

Am 07.02.2017 um 21:33 schrieb Yann Ylavic: My point is that we are not changing/masquarading something which is remote here (like the client IP address), we are making so that the applications and httpd itself think they are locally talking SSL/TLS. Thus they will send things like "; Secure"

Re: mood_remoteip ProxyProtocol addition

On Tue, Feb 7, 2017 at 10:14 PM, Jordan Gigov wrote: > On 7 February 2017 at 22:33, Yann Ylavic wrote: >> I'm a bit reluctant with these patches, and probably need to be >> convinced this isn't an application issue in the first place (why not >> use

Re: mood_remoteip ProxyProtocol addition

On 7 February 2017 at 22:33, Yann Ylavic wrote: > I'm a bit reluctant with these patches, and probably need to be > convinced this isn't an application issue in the first place (why not > use X-Forwarded-Proto or alike to achieve the same? i.e. generate > https links...), or

Re: mood_remoteip ProxyProtocol addition

On Tue, Feb 7, 2017 at 7:03 PM, Jordan Gigov wrote: > On 7 February 2017 at 18:08, Sander Hoentjen wrote: >> >> I am trying to have haproxy added in front of our Apache servers, for >> SSL termination. This is not hard to do, and especially with the recent

Re: mood_remoteip ProxyProtocol addition

On 7 February 2017 at 18:08, Sander Hoentjen wrote: > Hi guys, > > I am trying to have haproxy added in front of our Apache servers, for > SSL termination. This is not hard to do, and especially with the recent > addition of ProxyProtocol support to mod_remoteip it works

mood_remoteip ProxyProtocol addition

Hi guys, I am trying to have haproxy added in front of our Apache servers, for SSL termination. This is not hard to do, and especially with the recent addition of ProxyProtocol support to mod_remoteip it works almost as we need it. Unfortunately we have a lot of users that use things like: