ietf
[Top] [All Lists]

Re: [apps-discuss] Last Call: <draft-ietf-appsawg-http-forwarded-06.txt> (Forwarded HTTP Extension) to Proposed Standard

2012-07-10 15:18:37
On Mon, Jul 09, 2012 at 10:48:59PM +0100, Stephen Farrell wrote:

So I have a question about this draft that wasn't
resolved on apps-discuss and is maybe more suited
for IETF LC anyway.

With geopriv, we've gone to a lot of trouble to
support end-users having some control over their
location privacy.

This HTTP header will be used by proxies to forward
on the IP address of a client, and that will be used
via geo-ip services to locate the HTTP client.

In practice, the real use for the header is in the reverse-proxy chain,
as many people already disable x-forwarded-for on outgoing proxies for
privacy concerns. And server-side generally ignores the untrustable
x-forwarded-for provided by clients anyway. In the abstract, the draft
says it's for use between trusted proxies, which generally means either
the client-side proxy chain for logging purposes, where the last one
will remove the info, or more generally the server side where everyone
appends itself.

Maybe a small paragraph on this might emphasize the intended purpose
and suggest use cases as well as software options to add/ignore/remove
the header depending on the proxy location in the chain.

Regards,
Willy

<Prev in Thread] Current Thread [Next in Thread>