[TYPO3-core] RFC: Fix bug #7397: Proxy servers replace REMOTE_ADDR with their own IP
Martin Kutschker
Martin.Kutschker at n0spam-blackbox.net
Wed Feb 20 12:47:33 CET 2008
Dmitry Dulepov [typo3] schrieb:
> Hi!
>
> Martin Kutschker wrote:
>> But this cannot happen. HTTP_X_FORWARDED_FOR is only accessed if
>> REMOTE_ADDRESS matches an IP that *you* have configured. This isn't
>> about some fancy proxies that might come into play somewhere, but
>> about your own or your ISP's proxy.
>
> Hm, I thought it was general feature, for every visitor from the world.
> But if it is that specific, then yes, you are right, we can use local
> addresses as well. But feature becomes very limited.
Otherwise it'd be dangerous. But I could modify the patch once more to
enable all non-transparent proxies. This could be done with or without a
CONF_VAR_SETTING.
Masi
More information about the TYPO3-team-core
mailing list