[Catalyst] Re: X-Forwarded-For
Dagfinn Ilmari Mannsåker
ilmari at ilmari.org
Wed Apr 2 11:45:59 BST 2008
Bill Moseley <moseley at hank.org> writes:
> On Tue, Apr 01, 2008 at 11:38:15PM -0400, Andy Grundman wrote:
>>
>> When using X-Forwarded-For you cannot trust any value that is not
>> added by your own upstream proxy, so we only want to use the last
>> value in the list.
>
> Ah, right. In this case I've got more than one proxy which
> that code doesn't expect. I can find a work-around.
How about patching C::Engine::Apache to take a list of proxy IPs in its
config and use the last IP in the header that is not among these?
--
ilmari
"A disappointingly low fraction of the human race is,
at any given time, on fire." - Stig Sandbeck Mathisen
More information about the Catalyst
mailing list