Bug#425008: apache2: handle X-FORWARDED-FOR by default

To: "Stefan Fritsch" <sf@sfritsch.de>
Cc: 425008@bugs.debian.org
Subject: Bug#425008: apache2: handle X-FORWARDED-FOR by default
From: Loic Dachary <loic@dachary.org>
Date: Fri, 18 May 2007 17:17:55 +0200
Message-id: <[🔎] 87hcqaxisc.fsf@call.dachary.org>
Reply-to: Loic Dachary <loic@dachary.org>, 425008@bugs.debian.org
In-reply-to: <[🔎] 21427.217.111.53.98.1179495790.squirrel@eru.sfritsch.de> (Stefan Fritsch's message of "Fri, 18 May 2007 15:43:10 +0200 (CEST)")
References: <[🔎] 87veeqxpnr.fsf@call.dachary.org> <[🔎] 21427.217.111.53.98.1179495790.squirrel@eru.sfritsch.de>

"Stefan Fritsch" <sf@sfritsch.de> writes:

>> +SetEnvIfNoCase X-Forwarded-For "." from_proxy=1
>
> This is horribly insecure for normal setups without proxy. Any client
> could set X-Forwarded-For and modify the logged IP address.

  I understand. Could this line be added and commented out so that
enabling the feature is a matter of uncommenting a line instead of 
digging the web ?

  Thanks for the quick reply and for maintaining apache2

-- 
+33 1 76 60 72 81  Loic Dachary mailto:loic@dachary.org
http://dachary.org/loic/gpg.txt sip:loic@dachary.org
Latitude: 48.86962325498033 Longitude: 2.3623046278953552

Reply to:

References:
- Bug#425008: apache2: handle X-FORWARDED-FOR by default
  - From: Loic Dachary (OuoU) <loic@debian.org>
- Bug#425008: apache2: handle X-FORWARDED-FOR by default
  - From: "Stefan Fritsch" <sf@sfritsch.de>

Prev by Date: Bug#425008: apache2: handle X-FORWARDED-FOR by default
Next by Date: [bts-link] source package apache2
Previous by thread: Bug#425008: apache2: handle X-FORWARDED-FOR by default
Next by thread: Bug#419552: /etc/apache2/README is missing
Index(es):
- Date
- Thread