Changes between Initial Version and Version 1 of Ticket #31288, comment 10
Timestamp: 02/11/2015 02:43:52 AM (10 years ago)
Ticket #31288, comment 10
Line 1 (unmodified):

What about in addition to checking the X-Forwarded-Proto header we also check Remote-Addr, a server set header against a filtered array of whitelisted load balancer IP addresses since the issue here isn't whether to use the X-Forwarded-Proto header but verifying the identity of the server sending it and the ability to not have load balancer heading checks enabled by default.

Line 3 (initial version):

I am not convinced header manipulation is a notreal concern though for this use case. Using the load balancer use case, the only traffic sent to the web server is through a VPN connection between the load balancers and the web servers. It is not possible for the web server to be access via port 80 directly.

Line 3 (version 1):

I am not convinced header manipulation is a real concern though for this use case. Using the load balancer use case, the only traffic sent to the web server is through a VPN connection between the load balancers and the web servers. It is not possible for the web server to be access via port 80 directly.
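One way to implement the check proposed in the comment above, as an added example that is not WordPress code and not part of the ticket: X-Forwarded-Proto is honoured only when the server-set peer address matches a listed load balancer, and the list is empty by default. The function name, its parameters and the sample addresses are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Decide whether a request counts as HTTPS (hypothetical helper).
 * $trusted_proxies is empty by default, so X-Forwarded-Proto is ignored
 * unless the site owner lists the load balancer addresses explicitly.
 */
function request_is_https(array $server, array $trusted_proxies = []): bool
{
    // Direct TLS connection terminated on this web server.
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    if ($https === 'on' || $https === '1') {
        return true;
    }

    // REMOTE_ADDR is set by the web server from the TCP peer, not by the client.
    $peer = @inet_pton((string) ($server['REMOTE_ADDR'] ?? ''));
    if ($peer === false) {
        return false;
    }

    foreach ($trusted_proxies as $proxy) {
        // Compare packed forms so equivalent IPv6 spellings match.
        $packed = @inet_pton((string) $proxy);
        if ($packed !== false && $packed === $peer) {
            // Only a whitelisted peer may vouch for the original scheme.
            $proto = strtolower(trim((string) ($server['HTTP_X_FORWARDED_PROTO'] ?? '')));
            return $proto === 'https';
        }
    }
    return false; // header sent by an unlisted peer is ignored
}

// Constructed sample requests (addresses from documentation ranges).
$lb = ['192.0.2.10'];
$cases = [
    'via listed balancer'   => [['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'https'], $lb],
    'header, unlisted peer' => [['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_PROTO' => 'https'], $lb],
    'check not enabled'     => [['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'https'], []],
    'direct TLS'            => [['REMOTE_ADDR' => '203.0.113.7', 'HTTPS' => 'on'], $lb],
];
foreach ($cases as $name => [$srv, $list]) {
    printf("%-22s %s\n", $name, request_is_https($srv, $list) ? 'https' : 'http');
}
```

The example handles a single X-Forwarded-Proto value; a chain of proxies that appends comma-separated values would need its own parsing rule.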