- From: Mark Nottingham <mnot@mnot.net>
- Date: Mon, 15 Sep 2008 12:51:51 +1000
- To: Adrian Chadd <adrian@creative.net.au>
- Cc: ietf-http-wg@w3.org
Not sure what other intermediaries are doing here, but it seems to me that it might require a new header, since I'd imagine most software would be built with the assumption of ipv4. Such a new header would need to include ipv4 *and* 6 addresses in it (to allow the receiver to reconstruct the chain properly). If you do mint a new header, please please please don't prepend X-... Cheers, On 27/08/2008, at 10:55 PM, Adrian Chadd wrote: > > G'day, > > It strikes me that there may be a variety of software out there > expecting > IPv4-only like strings in X-Forwarded-For (and making security > decisions > based on them!) and introducing IPv6-aware intermediaries may > confuse things > somewhat. > > Squid has grown IPv6 support and from what I recall, shuffles IPv6 IP > strings into the XFF header. I'll have to re-check the code though. > > Just out of curiousity, what are other intermediaries doing for IPv6 > addresses inside X-Forwarded-For headers? > > > > > Adrian > > > -- Mark Nottingham http://www.mnot.net/
Received on Monday, 15 September 2008 02:52:30 UTC