On ons, 2008-10-22 at 15:02 +0200, Francois Cartegnie wrote: > Le mercredi 22 octobre 2008, vous avez écrit : > > Interesting, but is missing a crucial piece. There is nothign which > > establishes trust. If the same server can be reached directly without > > using the reverse proxy then security is bypassed, or if the module is > > loaded on a server not using a reverse proxy. > That's what the README and the warning in the phpinfo output are for... And everyone reads documentation... and remembers to uninstall modules no longer used.. Adding the small "trusted server" acl check isn't much code, and would make this module generic and suitable as a version 1.0. Note: The support for chains of proxies is just an idea for future improvement, not a criticism. Regards Henrik
Attachment:
signature.asc
Description: This is a digitally signed message part
