- From: Willy Tarreau <w@1wt.eu>
- Date: Thu, 9 Jul 2015 11:32:27 +0200
- To: Fedor Indutny <fedor@indutny.com>
- Cc: Mark Nottingham <mnot@mnot.net>, Mike Bishop <Michael.Bishop@microsoft.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On Thu, Jul 09, 2015 at 09:00:09AM +0000, Fedor Indutny wrote: > Continuing my thoughts: > > Adding such logic to backend also makes it impossible to > run and test the backend without the TLS terminator, because > it will always expect the PROXYLINE from it. In fact not because usually implementations expect the proxy line from well-known, trusted sources only (the offloading gateway). That would be a security issue to require it from any source. Willy
Received on Thursday, 9 July 2015 09:32:56 UTC