Perlbal, Squid & X-Forwarded-For
kate.turner at gmail.com
Thu Jan 13 10:30:53 PST 2005
Hi Brad. Thanks for the quick reply :-)
On Thu, 13 Jan 2005 10:12:35 -0800 (PST), Brad Fitzpatrick
<brad at danga.com> wrote:
> By default we don't trust X-Forwarded-For from clients because we assume
> upstream is an end-user that might be lying to us, and not a trusted Squid
> or whatnot.
*nod*. We actually pass X-F-F through squid (so the client can supply
their own, too..) but filter it at the backend. I see this isn't the
best behaviour for everyone though :-)
> In the CVS version, you can set "trusted_upstreams" to true/1/on for a
> service and its X-Forwarded-For is used instead of Perlbal replacing it.
That sounds good. I'll see if I can have a look at this later...
> As for appending a new one all the time, that'd be an easy change... just
> modify lib/Perlbal/BackendHTTP.pm where it deals with X-Forwarded-For and
> trusted, perhaps?
Hm.. if trusted_upstreams simply passes it through untouched, I think
that should work fine as-is - the backend doesn't care whether it
went through perlbal or not.
> - Brad
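
Added example, not part of the original message and not Perlbal or Squid code: a small Python model of the two behaviours discussed in the thread (replace the header for an untrusted upstream, pass it through for a trusted one) and of the backend-side filtering Kate mentions. The 10.0.0.0/8 proxy network, the function names, and the assumption that Squid appends the connecting address to any client-supplied value are all constructed for illustration.

```python
import ipaddress

# Constructed example network: the proxy tier (Squid, Perlbal) lives here.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def is_trusted(addr):
    """True if addr parses as an IP inside a trusted proxy network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def append_hop(peer_ip, incoming_xff):
    """Pass-through proxy (assumed Squid behaviour): keep the value, append the peer."""
    return f"{incoming_xff}, {peer_ip}" if incoming_xff else peer_ip


def forward_header(peer_ip, incoming_xff, trusted_upstream):
    """The load balancer's choice as described in the thread (a model only).

    Untrusted upstream: discard what the peer sent and record the peer itself.
    Trusted upstream: pass the header through untouched.
    """
    if trusted_upstream and incoming_xff:
        return incoming_xff
    return peer_ip


def client_ip(peer_ip, xff):
    """Backend filter: walk hops right to left, skip trusted proxies, and
    return the first address that a trusted proxy actually observed."""
    if not is_trusted(peer_ip):
        return peer_ip  # direct connection: the header is client-controlled
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not is_trusted(hop):
            try:
                return str(ipaddress.ip_address(hop))
            except ValueError:
                return peer_ip  # unparseable entry: fall back to the peer
    return peer_ip  # only proxies listed: nothing better than the peer
```

With the header passed through untouched, the backend recovers the address Squid saw and ignores anything the client put to its left; with the header replaced, the backend only ever sees the proxy tier.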