Project

General

Profile

Actions
Copy link

Feature #128

closed

restore REMOTE_ADDR from headers X-Forwarded-For or X-Real-IP

Added by Anonymous almost 19 years ago. Updated over 15 years ago.

Status:
Fixed
Priority:
Normal
Category:
core
Target version:
-
ASK QUESTIONS IN Forums:

Description

Hello,

Will be very good to have possibility to restore REMOTE_ADDR from headers X-Forwarded-For or X-Real-IP on backends where used lighttpd, or use any header that was set to restore real ip from.

I think this will be very useful feature for lighttpd.

Thanks.

-- rapaman

Actions
Copy link
 #1

Updated by Anonymous almost 19 years ago

This will allow anyone to fake their IP address by adding the X-Forwarded-For header.

-- andreas

Actions
Copy link
 #2

Updated by Anonymous over 17 years ago

Take a look at http://web.warhound.org/mod_extract_forwarded/ to see how Apache handles this. Basically, you need to add a config file directive listing which hosts (i.e., your proxies and load balancers) are allowed to set X-Forwarded-For.

Yeah, it's still possible to spoof, but it was possible to spoof the incoming IP in the first place.

Actions
Copy link
 #3

Updated by stbuehler over 15 years ago

  • Status changed from New to Fixed
  • Resolution set to fixed
Actions
Copy link

Also available in: Atom