[AusNOG] X-Forwarded-For vs RFC 7239

Paul Wilkins paulwilkins369 at gmail.com
Tue Apr 25 23:07:46 EST 2017


Thanks guys,
Pretty much consistent with what I was expecting. I do think as a general
rule if you're deploying new infrastructure, you should be forward
thinking, rather than configuring only what's required currently, so going
forward, there's one less touch point, and if the server/apps team want to
configure Forward, it's just there, rather than it being another
requirements cycle, but that's just me.

Kind regards

Paul Wilkins



On 25 April 2017 at 13:48, Colin Stubbs <
colin.stubbs at equatetechnologies.com.au> wrote:

>
> I’d agree with all of that; though this is actually the first I’ve heard
> of RFC-7239 actually being used. I am assuming you do actually have a
> genuine use case and not just wanting to add it because you really like
> complicating things!
>
> Looks reasonably sensible though, and a potential improvement over trying
> to understand multiple instances of X-Forwarded-For/X-Forward-Proto/X-Forwarded-Host
> etc, though I’m sure once widely deployed the contents will vary widely by
> implementation in the same way X-Forwarded-Whatevs headers often are right
> now.
>
> Either way it’d add basically zero overhead/resource consumption to add or
> modify within iRules if you’re already there and mucking with other
> headers. Slightly complex to parse and chain existing Forwarded contents if
> wanting to modify rather than adding additional; but still negligible.
>
> -Colin
>
> On 25 April 2017 at 13:24, Paul Wilkins <paulwilkins369 at gmail.com> wrote:
>
>> Folks,
>> Just looking for a sanity check on current HTTP proxy headers. My
>> understanding is X-Forwarded-For is widely deployed, widely parsed, and not
>> standard. RFC 7239 is a (proposed) standard, barely deployed, and mostly
>> ignored. Would best practice, going forward, be to include both headers (if
>> you were say, writing i-rules for such things)?
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20170425/95e7c11c/attachment.html>


More information about the AusNOG mailing list