Vincent Lee writes:
> I wasn't aware relative redirects were a thing now! In that case,
> I think this is a better solution than reading X-Forwarded-Proto.
> Thanks for the discussion!
Committed with OK claudio@ off-list. Thanks for pointing this out,
Vincent.
-dv
Dave Voutila writes:
> Claudio Jeker writes:
>
>> On Wed, Apr 28, 2021 at 09:55:16AM -0400, Dave Voutila wrote:
>>>
>>> Claudio Jeker writes:
>>>
>>> > On Wed, Apr 28, 2021 at 08:18:47AM -0400, Dave Voutila wrote:
>>> >>
>>> >> Claudio Jeker writes:
>>> >>
>>> >> > Another thing to consider is t
Claudio Jeker writes:
> On Wed, Apr 28, 2021 at 09:55:16AM -0400, Dave Voutila wrote:
>>
>> Claudio Jeker writes:
>>
>> > On Wed, Apr 28, 2021 at 08:18:47AM -0400, Dave Voutila wrote:
>> >>
>> >> Claudio Jeker writes:
>> >>
>> >> > Another thing to consider is that X-Forwarded headers should onl
On Wed, Apr 28, 2021 at 09:55:16AM -0400, Dave Voutila wrote:
>
> Claudio Jeker writes:
>
> > On Wed, Apr 28, 2021 at 08:18:47AM -0400, Dave Voutila wrote:
> >>
> >> Claudio Jeker writes:
> >>
> >> > Another thing to consider is that X-Forwarded headers should only be
> >> > accepted from trusted
Claudio Jeker writes:
> On Wed, Apr 28, 2021 at 08:18:47AM -0400, Dave Voutila wrote:
>>
>> Claudio Jeker writes:
>>
>> > Another thing to consider is that X-Forwarded headers should only be
>> > accepted from trusted sources. I don't think this particular usage of
>> > X-Forwarded-Proto is prob
On Wed, Apr 28, 2021 at 08:18:47AM -0400, Dave Voutila wrote:
>
> Claudio Jeker writes:
>
> > Another thing to consider is that X-Forwarded headers should only be
> > accepted from trusted sources. I don't think this particular usage of
> > X-Forwarded-Proto is probelmatic. In the end for this pa
Claudio Jeker writes:
> Another thing to consider is that X-Forwarded headers should only be
> accepted from trusted sources. I don't think this particular usage of
> X-Forwarded-Proto is probelmatic. In the end for this particular case of
> redirect using a relative URL seems to be a better cho
On Tue, Apr 27, 2021 at 04:34:18PM -0400, Dave Voutila wrote:
>
> Stuart Henderson writes:
>
> > On 2021/04/27 10:40, Vincent Lee wrote:
> >>
> >> Hi all,
> >>
> >> Consider the following situation. A reverse proxy which performs TLS
> >> termination is deployed in front of httpd, which listens u
On Tue Apr 27, 2021 at 4:55 PM EDT, Stuart Henderson wrote:
> It's the other way round, this (or proto= in the newer standardised
> Forwarded header) would be set by a reverse proxy to indicate the
> protocol that the client request came in on so that something running on
> the webserver could reac
On 2021/04/27 16:23, Raymond E. Pasco wrote:
> On Tue Apr 27, 2021 at 3:40 PM EDT, Stuart Henderson wrote:
> > How does this work with other web servers? For example, I don't see the
> > string X-Forwarded-Proto in nginx or Apache httpd (and the use of other
> > X-Forwarded headers in them are only
On Tue Apr 27, 2021 at 3:40 PM EDT, Stuart Henderson wrote:
> How does this work with other web servers? For example, I don't see the
> string X-Forwarded-Proto in nginx or Apache httpd (and the use of other
> X-Forwarded headers in them are only for adding to requests when running
> as a proxy its
Stuart Henderson writes:
> On 2021/04/27 10:40, Vincent Lee wrote:
>>
>> Hi all,
>>
>> Consider the following situation. A reverse proxy which performs TLS
>> termination is deployed in front of httpd, which listens unencrypted on
>> localhost.
>>
>> There is code in httpd to handle the case wh
On 2021/04/27 10:40, Vincent Lee wrote:
>
> Hi all,
>
> Consider the following situation. A reverse proxy which performs TLS
> termination is deployed in front of httpd, which listens unencrypted on
> localhost.
>
> There is code in httpd to handle the case where a directory is accessed,
> but
Vincent Lee writes:
> Hi all,
>
> Consider the following situation. A reverse proxy which performs TLS
> termination is deployed in front of httpd, which listens unencrypted on
> localhost.
>
> There is code in httpd to handle the case where a directory is accessed,
> but the path named does no
Hi all,
Consider the following situation. A reverse proxy which performs TLS
termination is deployed in front of httpd, which listens unencrypted on
localhost.
There is code in httpd to handle the case where a directory is accessed,
but the path named does not end with a slash. In this case, h
15 matches
Mail list logo