
Greetings,

Why don't you implement X-FORWARDED-FOR in stunnel?

I have found this patch: http://haproxy.1wt.eu/download/patches/stunnel-4.32-xforwarded-for.diff but this one is too old. I'm on stunnel 4.41 and I can't go to 4.32 because I need SNI, implemented since 4.38.

I have attempted to modify the patch to match the current version. In the beginning it's OK, but not after: all the lines of code have changed and I'm not a developer.

X-FORWARDED-FOR is very important; it exists on almost all web front ends and is usable by all web servers.

Someone told me to switch to Nginx because X-FORWARDED-FOR doesn't exist in Stunnel ... I would like to stay on Stunnel because it's only a light tunnel.

The patch has only 219 lines. Could you please help me adapt it to version 4.41 and/or add this feature to Stunnel?

This is the "manual" for applying the patch: http://www.buro9.com/blog/2009/12/07/installing-haproxy-load-balance-http-an...

You just need to add "xforwardedfor=yes" to your config file and it should be OK.

With this feature, I won't need to "play" with this (censored) transparent = source, iptables rules, tcpdump and root exec ...

Thanks so much ...

Elodie.

Elodie BOSSIER wrote:
> Why don't you implement X-FORWARDED-FOR in stunnel?

I didn't implement this feature yet, because:
1. It's hard to do it right.
2. I'm the breadwinner for my family. I'm too busy with things I do for a living.

> The patch has only 219 lines. Could you please help me adapt it to version 4.41 and/or add this feature to Stunnel?

I'm not going to apply this patch, because:
1. It does not support chains of proxies: https://secure.wikimedia.org/wikipedia/en/wiki/X-Forwarded-For#Format
2. It does not support HTTP persistent connections (only modifies the first request of each connection): https://secure.wikimedia.org/wikipedia/en/wiki/HTTP_persistent_connection
3. The code is ugly.
4. It does not have a GPL-compatible, non-copyleft license.

> Thanks so much ...

You're welcome.

Mike
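
The two protocol requirements named in the reply above (appending to an existing X-Forwarded-For chain, and rewriting every request on a persistent connection), shown as an added example that is not part of the original thread and is neither stunnel code nor the patch under discussion. The function names and sample addresses are constructed, and chunked bodies are deliberately not handled:

```python
def _rewrite_head(head, client_ip):
    """Return the rewritten request head and the body length it announces."""
    lines = head.split(b"\r\n")
    out, chain, body_len = [lines[0]], [], 0
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        key = name.strip().lower()
        if key == b"x-forwarded-for":
            # Collect every hop already recorded by upstream proxies.
            chain += [v.strip() for v in value.split(b",") if v.strip()]
            continue
        if key == b"transfer-encoding":
            raise ValueError("chunked bodies are outside this example")
        if key == b"content-length":
            body_len = int(value.strip())
        out.append(line)
    # Append the peer address to the chain; never replace what was there.
    chain.append(client_ip.encode("ascii"))
    out.append(b"X-Forwarded-For: " + b", ".join(chain))
    return b"\r\n".join(out) + b"\r\n\r\n", body_len


def add_xff(stream, client_ip):
    """Rewrite every request on one persistent connection, not just the first."""
    result, pos = b"", 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end < 0:
            raise ValueError("incomplete request head")
        head, body_len = _rewrite_head(stream[pos:end], client_ip)
        body_start = end + 4
        if body_len < 0 or body_start + body_len > len(stream):
            raise ValueError("bad or incomplete body")
        result += head + stream[body_start:body_start + body_len]
        pos = body_start + body_len
    return result


# Constructed sample: two requests sent over one keep-alive connection.
SAMPLE = (
    b"POST /a HTTP/1.1\r\nHost: example.test\r\n"
    b"X-Forwarded-For: 198.51.100.7\r\nContent-Length: 5\r\n\r\nhello"
    b"GET /b HTTP/1.1\r\nHost: example.test\r\n\r\n"
)

if __name__ == "__main__":
    print(add_xff(SAMPLE, "203.0.113.9").decode())
```

The backend should only trust the right-most entries that were appended by proxies it controls, since everything to the left of them is supplied by the client.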

OK, thanks. Do you think you will create this feature later (when you are less busy), with better code?

On 18/08/2011 17:24, Michal Trojnara wrote:
> Elodie BOSSIER wrote:
> > Why don't you implement X-FORWARDED-FOR in stunnel?
>
> I didn't implement this feature yet, because:
> 1. It's hard to do it right.
> 2. I'm the breadwinner for my family. I'm too busy with things I do for a living.
>
> > The patch has only 219 lines. Could you please help me adapt it to version 4.41 and/or add this feature to Stunnel?
>
> I'm not going to apply this patch, because:
> 1. It does not support chains of proxies: https://secure.wikimedia.org/wikipedia/en/wiki/X-Forwarded-For#Format
> 2. It does not support HTTP persistent connections (only modifies the first request of each connection): https://secure.wikimedia.org/wikipedia/en/wiki/HTTP_persistent_connection
> 3. The code is ugly.
> 4. It does not have a GPL-compatible, non-copyleft license.
>
> > Thanks so much ...
>
> You're welcome.
>
> Mike

I would suggest that it could be argued that it isn't stunnel's job to worry about such things. I appreciate people want it, but stunnel is a TCP-over-SSL pipe - not a web proxy...

If you need such a feature, shouldn't you be using Apache or something?

Jason

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

On 19/08/2011 06:41, Jason Haar wrote:
> I would suggest that it could be argued that it isn't stunnel's job to worry about such things. I appreciate people want it, but stunnel is a TCP-over-SSL pipe - not a web proxy...
>
> If you need such a feature, shouldn't you be using Apache or something?

Already done. I'm now on Nginx and it works. I only wanted an SSL tunnel, and Nginx does it perfectly for the web.

participants (3)
- Elodie BOSSIER
- Jason Haar
- Michal Trojnara