W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2015

Re: X-Forwarded-For and HTTP2

From: Willy Tarreau <w@1wt.eu>
Date: Thu, 9 Jul 2015 11:32:27 +0200
To: Fedor Indutny <fedor@indutny.com>
Cc: Mark Nottingham <mnot@mnot.net>, Mike Bishop <Michael.Bishop@microsoft.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <20150709093227.GE26380@1wt.eu> 
On Thu, Jul 09, 2015 at 09:00:09AM +0000, Fedor Indutny wrote:
> Continuing my thoughts:
> 
> Adding such logic to backend also makes it impossible to
> run and test the backend without the TLS terminator, because
> it will always expect the PROXYLINE from it.

In fact not because usually implementations expect the proxy line
from well-known, trusted sources only (the offloading gateway). That
would be a security issue to require it from any source.

Willy
Received on Thursday, 9 July 2015 09:32:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:45 UTC