Bug#425008: apache2: handle X-FORWARDED-FOR by default
"Stefan Fritsch" <sf@sfritsch.de> writes:
>> +SetEnvIfNoCase X-Forwarded-For "." from_proxy=1
>
> This is horribly insecure for normal setups without proxy. Any client
> could set X-Forwarded-For and modify the logged IP address.
I understand. Could this line be added and commented out so that
enabling the feature is a matter of uncommenting a line instead of
digging the web ?
Thanks for the quick reply and for maintaining apache2
--
+33 1 76 60 72 81 Loic Dachary mailto:loic@dachary.org
http://dachary.org/loic/gpg.txt sip:loic@dachary.org
Latitude: 48.86962325498033 Longitude: 2.3623046278953552
Reply to: