Re: X-Forwarded-For and HTTP2

On Thu, Jul 09, 2015 at 09:00:09AM +0000, Fedor Indutny wrote:
> Continuing my thoughts:
> 
> Adding such logic to backend also makes it impossible to
> run and test the backend without the TLS terminator, because
> it will always expect the PROXYLINE from it.

In fact not because usually implementations expect the proxy line
from well-known, trusted sources only (the offloading gateway). That
would be a security issue to require it from any source.

Willy

Received on Thursday, 9 July 2015 09:32:56 UTC