"Stefan Fritsch" <[EMAIL PROTECTED]> writes:
>> +SetEnvIfNoCase X-Forwarded-For "." from_proxy=1
>
> This is horribly insecure for normal setups without proxy. Any client
> could set X-Forwarded-For and modify the logged IP address.
I understand. Could this line be added and commented out so th
> +SetEnvIfNoCase X-Forwarded-For "." from_proxy=1
This is horribly insecure for normal setups without proxy. Any client
could set X-Forwarded-For and modify the logged IP address.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Package: apache2
Version: 2.2.3-3.3
Severity: wishlist
When running apache2 from behind a proxy, the default log format
does not honor the X-Forwarded-For header. The attached patch modifies
the default format so that it is honored when present and has no effect
when not present.
--- a/etc/apache
3 matches
Mail list logo
