[Catalyst] Re: X-Forwarded-For
Bill Moseley
moseley at hank.org
Wed Apr 2 13:59:43 BST 2008
On Wed, Apr 02, 2008 at 11:45:59AM +0100, Dagfinn Ilmari Mannsåker wrote:
> Bill Moseley <moseley at hank.org> writes:
>
> > On Tue, Apr 01, 2008 at 11:38:15PM -0400, Andy Grundman wrote:
> >>
> >> When using X-Forwarded-For you cannot trust any value that is not
> >> added by your own upstream proxy, so we only want to use the last
> >> value in the list.
> >
> > Ah, right. In this case I've got more than one proxy which
> > that code doesn't expect. I can find a work-around.
>
> How about patching C::Engine::Apache to take a list of proxy IPs in its
> config and use the last IP in the header that is not among these?
Yes, that's probably the best solution.
For now I need to fix-up the proxy headers for use with Perlbal
anyway, so I'll just override prepare_headers and update
$c->req->address there.
But speaking of patching, there's this bit of code to not include the
default port:
if ( $port != 80 && $host !~ /:/ ) {
$host .= ":$port";
}
What about the same for 443 and https? Most browsers will remove the
default port, so not a huge issue. But, something like:
unless ( $host =~ /:/ ) {
$host .= ":$port"
if ( $c->req->secure && $port != 443 )
|| ( !$c->req->secure && $port != 80 )
}
--
Bill Moseley
moseley at hank.org
More information about the Catalyst
mailing list