Aye, I had originally added the support for PROXY in remoteip since... well... 
it's used to extract remote IP info. The funny part is that I had committed my 
additions within an hour of the third party code being donated and incorporated 
without realizing it... so I removed my changes and added this code into 
remoteip with some small fixes.

I'm a bit confused. I don't recall so much opposition to this being in 
remoteip. It seems reasonable to me since it's just another way to get remote 
client IP information from the connection versus an HTTP header. Worth pointing 
out is that it can be argued that both are operating at layer 7 since there 
doesn't seem to be universal agreement as to whether TLS is layer 6 or 7... one 
method of IP extraction just happens to be layer 7 data that precedes TLS while 
the other is layer 7 data wrapped in TLS inside an HTTP request. Academic 
discussion of OSI layers aside, it still feels "right" to me as a user and 
server admin to expect mod_remoteip to be the one place I would go to enable 
extraction of remote IP info. I'm not exactly firm on this... I would rather 
just see the functionality in the server... but hopefully that at least 
clarifies how we wound up in this neighborhood to begin with.

As for the whitelist/blacklist thoughts, I don't completely follow the 
preference for enabling specific ranges and also having a blacklist rather than 
the current "enable for everything except these ranges". Bill, can you add a 
bit more color here? We're probably closer in thought process than not... I 
just can't connect the dots. To my knowledge, we are the only server even 
evaluating something more than just on or off... which I think is pretty cool 
and a sign of innovation.


Personally, I want to see this in the server... It appears we have either 
silent opposition to the patch or just a lack of interest from other 
committers, so I appreciate that Stefan is pointing these things out. I *hope* 
I can spend some time on it in the coming weeks, but I've been poking at this 
particular patch for about a year now and have a short attention span. 
Hopefully enough feedback and work can be done soon to get *someone* 
comfortable enough for another +1.
-- 
Daniel Ruggeri

On December 13, 2017 6:19:43 AM CST, William A Rowe Jr <wr...@rowe-clan.net> wrote:
>On Wed, Dec 13, 2017 at 6:17 AM, Jim Jagielski <j...@jagunet.com> wrote:
>>
>> On Dec 13, 2017, at 1:02 AM, Jordan Gigov <colad...@gmail.com> wrote:
>>
>> On 12 December 2017 at 11:32, Stefan Eissing <stefan.eiss...@greenbytes.de> wrote:
>>>
>>> Fellow Apache developers: if we want to make an X-mas 2.4 release for the
>>> people on this planet, the backports in STATUS need your attention:
>>>
>>> B2: mod_remoteip: Add PROXY protocol support
>>>   - needs 1 more vote!
>>>
>> I find that trying to have both Proxy Protocol and the old remoteip
>> functionality in the same mod is harder to maintain. I propose that they be
>> split up before an official release.
>>
>>
>> IIRC, that was the way it was. OtherBill wanted the functionality
>> in mod_remoteip.
>
>Oh, no, you most definitely mis-remember. It was presented as a remoteip
>addition from the get-go.
