Messages

1

HFS ~ HTTP File Server / Re: Q / REQ : Proxied client IP detection

« on: April 12, 2008, 06:12:35 AM »

the problem is about people trying to spoof their IP, to make HFS show an incorrect IP in the log.
Apache is a trusted source, but there's no way for HFS to know it's apache.
A safe way may be to show it instead of the IP, but only if the IP is 127.0.0.1, because we may assume that software running on your own PC is trusted.
Any opinion?

Any implementation of this option would be great, "connection from localhost" requirement will make it a little more secure.
Actually, I didn't even know about this header till two days ago, therefore never thought about spoofing issue.

2

HFS ~ HTTP File Server / Q / REQ : Proxied client IP detection

« on: April 11, 2008, 07:07:04 AM »

Hi, I have a question / feature wish.
Basically, some time ago I set up a Apache server, later decided that I want HFS to serve files. So I wanted both to be active and use port 80 (impossible in reality)
So, right now HFS works through Apache proxy and virtual host, everything is OK except all client IPs are 127.0.0.1 (localhost) because of proxy routing.

Is there a way to make HFS read client ip from "http_x_forwarded_for" in http request header? Or could you implement this option in later versions... very very please.

p.s. I stopped serving files through apache because of 'limit speed per ip' option in HFS. Very few file servers have it, and I really want it. And there's no module for apache-win32 that does it, the one and only mod_cband is for linux apache.