Interesting, but is missing a crucial piece. There is nothign which establishes trust. If the same server can be reached directly without using the reverse proxy then security is bypassed, or if the module is loaded on a server not using a reverse proxy. This needs a configuration directive indicating which addresses (hosts and/or networks) is trusted with X-Forwarded-For. When you have this you can also unwind the chain of IP addresses properly when the request passes via a chain of reverse proxies in peering relation. On ons, 2008-10-22 at 01:02 +0200, Francois Cartegnie wrote: > Hello, > > Txforward is php module providing a simple hack for deploying PHP applications > behind squid in reverse proxy (accelerator) mode. You don't need anymore > X-Forward header aware applications. > http://fcartegnie.free.fr/patchs/txforward.html > > PS: but you'll still need to fix your webserver logs :) > > Greetings, > > Francois
Attachment:
signature.asc
Description: This is a digitally signed message part
