You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Glenn Strauss
371e1bf723
enable with, e.g.:
extforward.headers = ( "Forwarded" )
or
extforward.headers = ( "Forwarded", "X-Forwarded-For" )
or
extforward.headers = ( "Forwarded", "X-Forwarded-For", "Forwarded-For" )
The default remains:
extforward.headers = ( "X-Forwarded-For", "Forwarded-For" )
Support for "Forwarded" is not enabled by default since intermediate
proxies might not be aware of Forwarded, and might therefore pass
spoofed Forwarded header received from client.
extforward.params = ( # overwrite "Host" with Forwarded value
#"host" => 1
# set REMOTE_USER with Forwarded value
#"remote_user" => 1
)
Note: be cautious configuring trusted proxies if enabling these options
since Forwarded header may be spoofed and passed along indescriminantly
by proxies which do not handle Forwarded.
To remove "Forwarded" from incoming requests, do not enable these
options and instead use mod_setenv to clear the request header:
setenv.set-request-header = ( "Forwarded" => "" )
Other proxy-related headers which admin might evaluate to keep or clear:
setenv.set-request-header = ( "X-Forwarded-For" => "",
"X-Forwarded-By" => "",
"X-Forwarded-Server" => "",
"X-Origin-IP" => "",
"Via" => "",
#...
)
x-ref:
"Forwarded HTTP Extension"
https://tools.ietf.org/html/rfc7239
"Forward authenticated user to proxied requests"
https://redmine.lighttpd.net/issues/2703
|
6 years ago | |
|---|---|---|
| .. | ||
| docroot | 6 years ago | |
| 404-handler.conf | 7 years ago | |
| CMakeLists.txt | 6 years ago | |
| LightyTest.pm | 6 years ago | |
| Makefile.am | 6 years ago | |
| SConscript | 6 years ago | |
| bug-06.conf | 7 years ago | |
| bug-12.conf | 7 years ago | |
| cachable.t | 8 years ago | |
| cleanup.sh | 8 years ago | |
| condition.conf | 7 years ago | |
| core-404-handler.t | 7 years ago | |
| core-condition.t | 7 years ago | |
| core-keepalive.t | 16 years ago | |
| core-request.t | 9 years ago | |
| core-response.t | 8 years ago | |
| core-var-include.t | 16 years ago | |
| core.t | 16 years ago | |
| fastcgi-10.conf | 7 years ago | |
| fastcgi-13.conf | 7 years ago | |
| fastcgi-auth.conf | 7 years ago | |
| fastcgi-responder.conf | 7 years ago | |
| fcgi-auth.c | 7 years ago | |
| fcgi-responder.c | 6 years ago | |
| lighttpd.conf | 6 years ago | |
| lighttpd.htpasswd | 7 years ago | |
| lighttpd.user | 19 years ago | |
| lowercase.conf | 7 years ago | |
| lowercase.t | 16 years ago | |
| mod-access.t | 7 years ago | |
| mod-auth.t | 7 years ago | |
| mod-cgi.t | 6 years ago | |
| mod-compress.conf | 8 years ago | |
| mod-compress.t | 14 years ago | |
| mod-evhost.conf | 7 years ago | |
| mod-evhost.t | 7 years ago | |
| mod-extforward.conf | 6 years ago | |
| mod-extforward.t | 6 years ago | |
| mod-fastcgi.t | 6 years ago | |
| mod-proxy.t | 8 years ago | |
| mod-redirect.t | 16 years ago | |
| mod-rewrite.t | 8 years ago | |
| mod-scgi.t | 6 years ago | |
| mod-secdownload.t | 6 years ago | |
| mod-setenv.t | 6 years ago | |
| mod-simplevhost.conf | 8 years ago | |
| mod-simplevhost.t | 10 years ago | |
| mod-ssi.t | 7 years ago | |
| mod-userdir.t | 10 years ago | |
| prepare.sh | 7 years ago | |
| proxy.conf | 7 years ago | |
| request.t | 6 years ago | |
| run-tests.pl | 14 years ago | |
| scgi-responder.c | 6 years ago | |
| scgi-responder.conf | 6 years ago | |
| symlink.t | 15 years ago | |
| var-include-sub.conf | 8 years ago | |
| var-include.conf | 8 years ago | |
| wrapper.sh | 12 years ago | |