Hello, I have a feature request for spiffy.
The background: I set up an awful-based web app behind an apache2 reverse proxy. Awful/spiffy is listening locally on port 8080, and apache2 delivers requests to it via mod_rewrite with the [P] (proxy) flag. Under this configuration, the spiffy call (remote-address) always returns "127.0.0.1", because all requests come from the reverse proxy. However, the true client's IP can be gotten from the http header, X-Forwarded-For. My request is that an option be added to spiffy such that 'remote-address' could make use of the X-Forwarded-For header to return the true client's IP under this kind of setup. It should not be enabled by default, because using it reliably requires the administrator to configure the list of known proxies which are to be ignored. X-Forwarded-For may contain a list of IPs, in the case that the request has been proxied more than once. The IPs are separated by ", " with the last being the most recent. Ideally, the user could give the list of known proxies in the server config, and 'remote-address' would skip over these IPs when searching through X-Forwarded-For for the true client IP. In my app, for example, I wrote the following procedure to use instead of 'remote-address', to filter out the one reverse proxy address: (define (remote-address-beyond-rproxy) (let ((r (remote-address))) (if (equal? r "127.0.0.1") (let ((xff (header-values 'x-forwarded-for (request-headers (current-request))))) (if (null? xff) r (last (string-split (car xff) " ,")))) r))) If spiffy had an option as I described above, it would be that much easier to use in situations where it is the secondary server. Thank you. -- John Foerch _______________________________________________ Chicken-users mailing list Chicken-users@nongnu.org http://lists.nongnu.org/mailman/listinfo/chicken-users