Re: I-D draft-petersson-forwarded-for-00.txt

On Tue, 19 Apr 2011 07:53:33 +0000
"Poul-Henning Kamp" <phk@phk.freebsd.dk> wrote:

> In message <8F735513-6A44-4043-B7DA-EAE1E2FD1A0D@mnot.net>, Mark Nottingham writes:
> 
> >> Forwarded: for=5.6.7.8:3456, for=8.9.1.2;by=4.5.6.7
> >> Forwarded: for=1.2.3.4:5678;by=4.3.2.1:3128;proto=https
> 
> This format needs a strict definition to be unambiguous.
> 
> For instance, if the first proxy adds only "for" and the next adds
> only "by", there is no way to tell if one or two proxies were
> involved.

One proxy should add one element, which is a list of key=values
separated by semicolon.

Two proxies:
Forwarded: for=1.2.3.4, by=4.5.6.7

One proxy:
Forwarded: for=1.2.3.4; by=4.5.6.7

Or am I missing something?


> I still think it is a better idea that each proxy adds exactly one
> element, and that the single element contains whatever information
> the proxy is willing to disclose.

Can you give an example of what such an element would look like?
Only sending the IP-address of the client you are forwarding for would
maybe be the cleanest, but there seems to be a need for disclosing
other information too when proxying. That information would need to be
connected to the forwarded-for somehow. 

E.g:
Forwarded-For: 1.2.3.4, 5.6.7.8
X-Forwarded-By: 3.4.5.6

would be ambiguous.

I am afraid that one will sooner or later see the need for
standardizing also X-Forwarded-(By|Proto|Host ...) and doing that and
keeping the format of Forwarded-For would be hard. 
I don't think it'd be a good situation if we had yet another way of
disclosing such information, therefore maybe it's better to support all
of them here? 


/Andreas Petersson

Received on Tuesday, 19 April 2011 09:10:25 UTC
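
The element/pair split discussed in the message above, as an added example that is not part of the original message or the draft: a comma ends one proxy's element, a semicolon separates key=value pairs inside it, so the hop count a receiver relies on can be recovered from the header alone. The function names are hypothetical, and the parser assumes values contain no quoted strings, commas or semicolons.

```python
# Added example: not code from the draft or from this thread.
# Assumption: values contain no quoted strings, commas or semicolons.

def parse_forwarded(header_lines):
    """Return one dict per proxy element, in the order the elements appear."""
    hops = []
    for line in header_lines:
        # "," separates elements; each element is written by exactly one proxy.
        for element in line.split(","):
            element = element.strip()
            if not element:
                continue
            pairs = {}
            # ";" separates key=value pairs inside a single proxy's element.
            for pair in element.split(";"):
                pair = pair.strip()
                if not pair:
                    continue
                key, sep, value = pair.partition("=")
                key = key.strip().lower()
                if not sep or not key:
                    raise ValueError(f"malformed pair: {pair!r}")
                if key in pairs:
                    # Two "for" values in one element would blur the hop boundary.
                    raise ValueError(f"duplicate key {key!r} in one element")
                pairs[key] = value.strip()
            hops.append(pairs)
    return hops


def hop_count(header_lines):
    """Number of proxies that added an element."""
    return len(parse_forwarded(header_lines))


if __name__ == "__main__":
    # Header values taken from the message above.
    samples = {
        "two proxies": ["for=1.2.3.4, by=4.5.6.7"],
        "one proxy": ["for=1.2.3.4; by=4.5.6.7"],
        "draft example": [
            "for=5.6.7.8:3456, for=8.9.1.2;by=4.5.6.7",
            "for=1.2.3.4:5678;by=4.3.2.1:3128;proto=https",
        ],
    }
    for name, lines in samples.items():
        print(name, hop_count(lines), parse_forwarded(lines))
```
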