Interesting, but is missing a crucial piece. There is nothign which
establishes trust. If the same server can be reached directly without
using the reverse proxy then security is bypassed, or if the module is
loaded on a server not using a reverse proxy.
This needs a configuration directive indicating which addresses (hosts
and/or networks) is trusted with X-Forwarded-For.
When you have this you can also unwind the chain of IP addresses
properly when the request passes via a chain of reverse proxies in
peering relation.
On ons, 2008-10-22 at 01:02 +0200, Francois Cartegnie wrote:
> Hello,
>
> Txforward is php module providing a simple hack for deploying PHP applications
> behind squid in reverse proxy (accelerator) mode. You don't need anymore
> X-Forward header aware applications.
> http://fcartegnie.free.fr/patchs/txforward.html
>
> PS: but you'll still need to fix your webserver logs :)
>
> Greetings,
>
> Francois
This archive was generated by hypermail 2.2.0 : Wed Oct 22 2008 - 12:00:05 MDT