On Wed, Feb 1, 2012 at 11:31 PM, Alvaro Lopez Ortega <[email protected]>wrote:
> On 02/01/2012 01:11 PM, jlan wrote: > >> >> I can't use loadbalancer ip, but i can't leave x-Forwarded-For without >> any content, is there a huge security issue or i'm being paranoic? >> > > Do not enable X-Forwarded-For without checking the origin. That'd allow > anyone to send requests to your server faking his IP. The integrity of your > log files would be jeopardized. > > I think it'd be acceptable if all requests are going via the load balancer. In this case, the last value in X-Forwarded-For will *always *be from the load balancer, so you could trust it.
_______________________________________________ Cherokee mailing list [email protected] http://lists.octality.com/listinfo/cherokee
