prxgen
commented
10 years ago - comparison of connecting IP against trusted RPAF_ProxyIPs done with apr_ipsubnet_test() rather than previous approach that relied on ipv4-limited check_cidr() and strcmp()
- rpaf_looks_like_ip() checks that RPAF_Header request values and RPAF_ProxyIPs config values contain valid ipv4/6 addresses
- new RPAF_ForbidIfNotProxy option to forbid requests not connecting from RPAF_ProxyIps; otherwise difficult to use Allow/Deny access control on proxies after remote address substitution has taken place
- ifdef brackets around code dealing with server_rec->server_scheme because that struct member is only in versions >= 2.2.3
- set "remoteip-proxy-ip-list" value in r->notes table to list of proxies so other modules can know about trusted intermediaries and IP substitution; similar to Apache2.4 mod_remoteip