[Bug 61355] DirectorySlash directive should use protocol in X-Forwarded-Proto header when available

bugzilla Fri, 14 Dec 2018 10:33:48 -0800

https://bz.apache.org/bugzilla/show_bug.cgi?id=61355


William A. Rowe Jr. <wr...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #2 from William A. Rowe Jr. <wr...@apache.org> ---
It should be noted that this introduces a monstrous security hole.

mod_remoteip uses explicit lists of trusted peers to pass valid X-F-F data for
interpretation. This hack is no different in trust requirements in order for
the
project to consider this submission.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 61355] DirectorySlash directive should use protocol in X-Forwarded-Proto header when available

Reply via email to