Re: [apps-discuss] Last Call: <draft-ietf-appsawg-http-forwarded-06.txt> (Forwarded HTTP Extension) to Proposed Standard

Willy Tarreau <w@1wt.eu> Tue, 10 July 2012 06:08 UTC


On Mon, Jul 09, 2012 at 10:48:59PM +0100, Stephen Farrell wrote:
> 
> So I have a question about this draft that wasn't
> resolved on apps-discuss and is maybe more suited
> for IETF LC anyway.
> 
> With geopriv, we've gone to a lot of trouble to
> support end-users having some control over their
> location privacy.
> 
> This HTTP header will be used by proxies to forward
> on the IP address of a client, and that will be used
> via geo-ip services to locate the HTTP client.

In practice, the real use for the header is in the reverse-proxy chain,
as many people already disable x-forwarded-for on outgoing proxies for
privacy concerns. And server-side generally ignores the untrustable
x-forwarded-for provided by clients anyway. In the abstract, the draft
says it's for use between trusted proxies, which generally means either
the client-side proxy chain for logging purposes, where the last one
will remove the info, or more generally the server side where everyone
appends itself.

Maybe a small paragraph on this might emphasize the intended purpose
and suggest use cases as well as software options to add/ignore/remove
the header depending on the proxy location in the chain.

Regards,
Willy
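
One way a server behind the reverse-proxy chain can apply this trust model to X-Forwarded-For, as an added example that is not part of the original message. The trusted networks, function names and sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumed deployment: reverse proxies live in these networks (constructed values).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]


def is_trusted(addr):
    """True if addr parses as an IP inside a trusted proxy network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_address(peer, xff_values):
    """Return the address the trusted chain vouches for.

    peer: source IP of the TCP connection to this server.
    xff_values: list of X-Forwarded-For field values, in the order received.
    """
    # An untrusted peer can put anything in the header: ignore it entirely.
    if not is_trusted(peer):
        return peer
    # Flatten repeated headers into one left-to-right list of hops.
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]
    # Walk right to left: each trusted proxy appended the address it saw.
    current = peer
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop at the last verified address
        current = hop
        if not is_trusted(hop):
            break  # first untrusted hop is the client; anything left of it is client-supplied
    return current
```

Entries to the left of the first untrusted hop are never used, so a value forged by the client cannot displace the address recorded by the edge proxy.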