osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug 61355] DirectorySlash directive should use protocol in X-Forwarded-Proto header when available


https://bz.apache.org/bugzilla/show_bug.cgi?id=61355

William A. Rowe Jr. <wrowe@xxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #2 from William A. Rowe Jr. <wrowe@xxxxxxxxxx> ---
It should be noted that this introduces a monstrous security hole.

mod_remoteip uses explicit lists of trusted peers to pass valid X-F-F data for
interpretation. This hack is no different in trust requirements in order for
the
project to consider this submission.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: bugs-help@xxxxxxxxxxxxxxxx