Simon Willison's Weblog: rpafhttp://simonwillison.net/2008-06-24T17:02:55+00:00Simon Willisonmod_rpaf for Apache2008-06-24T17:02:55+00:002008-06-24T17:02:55+00:00https://simonwillison.net/2008/Jun/24/modrpaf/#atom-tag
<p><strong><a href="http://stderr.net/apache/rpaf/">mod_rpaf for Apache</a></strong></p>
A more secure alternative to Django’s equivalent middleware: sets the REMOTE_ADDR of incoming requests from whitelisted load balancers to the X-Forwarded-For header, without any risk that if the load balancers are missing attackers could abuse it to spoof their IP addresses.
<p>Tags: <a href="https://simonwillison.net/tags/apache">apache</a>, <a href="https://simonwillison.net/tags/django">django</a>, <a href="https://simonwillison.net/tags/http">http</a>, <a href="https://simonwillison.net/tags/load-balancing">load-balancing</a>, <a href="https://simonwillison.net/tags/middleware">middleware</a>, <a href="https://simonwillison.net/tags/modrpaf">modrpaf</a>, <a href="https://simonwillison.net/tags/rpaf">rpaf</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/xforwardedfor">xforwardedfor</a></p>