Re: [squid-users] Wrong IP number inserted into Forwarded-For header

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 2 May 2002 15:47:46 +0200

Richard Barrett wrote:

> Looks like Apache is not RFC compliant in this respect. I'll let the folks
> there know.

If Apache is RFC compliant or not depends on how they deal with this
"per-connection record" information when there is conflicting requests on the
same connection.

Apache cannot be blaimed for the X-Forwarded-For IP spoofing not working.
That is a hack module trying to spoof Apache into a situation that normally
cannot ever happen (the IP address of the connection changes while the same
connection is open). IP address information is a per-connection property by
nature of HTTP.

I don't know the Apache internals to even speculate on what "connection
record" parameters you think may be in conflict between different requests on
the same connection.

Regards
Henrik
Received on Thu May 02 2002 - 07:47:52 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:52 MST