Re: Fwd: WGLC: draft-ietf-appsawg-http-forwarded-02.txt
Willy Tarreau <w@1wt.eu> Wed, 02 May 2012 05:26 UTC
Date: Wed, 02 May 2012 07:24:14 +0200
From: Willy Tarreau <w@1wt.eu>
To: Mark Nottingham <mnot@mnot.net>
Cc: IETF HTTP WG <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/20120502052414.GJ10028@1wt.eu>
Hi Mark,

On Wed, May 02, 2012 at 09:33:53AM +1000, Mark Nottingham wrote:
> HTTP folk,
>
> Please have a look at this document and send along comments, especially if you're an intermediary or firewall person, or consume the existing X-Forwarded-For header.
>
> <http://tools.ietf.org/html/draft-ietf-appsawg-http-forwarded-02>

A quick note before it escapes my mind, for 8.2. Information leak : I would add :

This header field must never be copied into response messages by origin servers or intermediaries for whatever reason as it can reveal the whole proxy chain to the client. As a side effect, special care must be taken in hosting environments not to allow the TRACE request where the Forwarded field is used, as it would appear in the body of the response message.

I'll probably have other comments and agree with those raised by Amos.

Regards,
Willy
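The two rules proposed in the message above, written as a hosting-side filter: refuse TRACE when the request carries Forwarded, and strip any Forwarded data reflected in a response header or in a `message/http` body. This is an added example, not part of the message or the draft; the function names, the header-list representation and the sample addresses are assumptions made for illustration.

```python
import re

# A Forwarded header line (plus any folded continuation lines) inside an
# echoed request, i.e. the message/http body an origin returns for TRACE.
_FORWARDED_LINE = re.compile(rb"(?im)^forwarded[ \t]*:[^\n]*\n?(?:[ \t]+[^\n]*\n?)*")

# Constructed sample: the body an origin would echo for a TRACE request that
# arrived through a proxy which added Forwarded (documentation addresses).
SAMPLE_TRACE_BODY = (
    b"TRACE / HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"Forwarded: for=192.0.2.43;by=203.0.113.60\r\n"
    b"\r\n"
)


def method_allowed(method, request_headers):
    """Return False for TRACE when the request carries a Forwarded field."""
    has_forwarded = any(name.lower() == "forwarded" for name, _ in request_headers)
    return not (method.upper() == "TRACE" and has_forwarded)


def scrub_response(headers, body):
    """Remove reflected Forwarded data; return (headers, body, findings)."""
    findings, kept = [], []
    for name, value in headers:
        if name.lower() == "forwarded":
            findings.append("response header")  # field copied into the response
        else:
            kept.append((name, value))
    ctype = next((v for n, v in kept if n.lower() == "content-type"), "")
    if ctype.split(";")[0].strip().lower() == "message/http":
        body, removed = _FORWARDED_LINE.subn(b"", body)
        if removed:
            findings.append("TRACE body")  # field echoed inside the body
            # The body shrank, so Content-Length must be recomputed.
            kept = [(n, str(len(body)) if n.lower() == "content-length" else v)
                    for n, v in kept]
    return kept, body, findings


if __name__ == "__main__":
    hdrs = [("Content-Type", "message/http"),
            ("Content-Length", str(len(SAMPLE_TRACE_BODY)))]
    print(method_allowed("TRACE", [("Forwarded", "for=192.0.2.43")]))
    print(scrub_response(hdrs, SAMPLE_TRACE_BODY))
```

Logging the returned `findings` rather than only scrubbing shows which origin or intermediary is reflecting the field, so the source can be fixed.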