On 07.11.2014 at 10:30, Thomas Bruederli wrote:
> Pretty good but please be aware that $_SERVER['REMOTE_ADDR'] doesn't
> reflect the client IP if your webserver is behind a reverse proxy or
> load balancer. There's rcube_utils::remote_addr() which extracts the
> real client IP from the headers such intermediate systems add to the
> request.

In a sane setup it does:
http://httpd.apache.org/docs/2.4/mod/mod_remoteip.html

rcube_utils::remote_addr() is dangerous; X-Forwarded-For is not trustworthy, hence "mod_remoteip" or, for older Apache versions, "mod_rpaf". The important difference is that:

a) the server admin knows the server is behind a proxy
b) the server admin knows the IP of the proxy
c) what remote_addr() does happens transparently
d) and it happens in a trustworthy way


_______________________________________________
Roundcube Development discussion mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/dev

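The rule from points a) to d) above, as an added PHP example that is not part of the original thread or of Roundcube's code: X-Forwarded-For is consulted only when the connecting peer is a proxy the administrator has listed, and the header is walked from right to left. The function names `ip_in_cidr` and `resolve_client_ip`, the trusted range and all addresses are hypothetical and constructed for illustration.

```php
<?php
/** True if $ip lies inside $cidr (IPv4 or IPv6); a bare address means an exact match. */
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable, or IPv4 compared against IPv6
    }
    $max  = strlen($ipBin) * 8;
    $bits = $bits === null ? $max : (int) $bits;
    if ($bits < 0 || $bits > $max) {
        return false;
    }
    $bytes = intdiv($bits, 8);
    if (strncmp($ipBin, $netBin, $bytes) !== 0) {
        return false; // whole-byte part of the prefix differs
    }
    $rem = $bits % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // remaining high bits of the next byte
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

/** Client address as seen by the outermost trusted proxy, or the peer itself. */
function resolve_client_ip(string $peer, ?string $xff, array $trusted): string
{
    $isTrusted = function (string $ip) use ($trusted): bool {
        foreach ($trusted as $cidr) {
            if (ip_in_cidr($ip, $cidr)) { return true; }
        }
        return false;
    };
    $client = $peer;
    $hops = $xff === null ? [] : array_map('trim', explode(',', $xff));
    // The rightmost entry was appended by the nearest proxy; anything further
    // left is believed only while the address that reported it is trusted.
    while ($hops && $isTrusted($client)) {
        $hop = array_pop($hops);
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: keep the last address vouched for
        }
        $client = $hop;
    }
    return $client;
}

$trusted = ['10.0.0.0/8']; // constructed: the proxies the admin knows about
// Peer is not a listed proxy, so its self-supplied header is ignored.
echo resolve_client_ip('203.0.113.7', '127.0.0.1', $trusted), "\n";
// Peer is the proxy; the forged leftmost entry is never reached.
echo resolve_client_ip('10.0.0.5', '127.0.0.1, 198.51.100.23', $trusted), "\n";
```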