Greetings,
Why don't you implement X-FORWARDED-FOR in stunnel?
I have found this patch: http://haproxy.1wt.eu/download/patches/stunnel-4.32-xforwarded-for.diff but this one is much too old; I'm on stunnel 4.41 and I can't go to 4.32 because I need SNI, implemented since 4.38.
I have attempted to modify the patch to match the current version; in the beginning it's OK but not after, all the lines of code have changed and I'm not a developer.
X-FORWARDED-FOR is very important and exists on almost all web frontends and is usable by all web servers.
Someone told me to switch to Nginx because X-FORWARDED-FOR doesn't exist in Stunnel ... I would like to stay on Stunnel because it's only a light tunnel.
The patch has only 219 lines; could you please help me adapt it to version 4.41 and/or add this feature to Stunnel?
This is the "manual" to apply the patch: http://www.buro9.com/blog/2009/12/07/installing-haproxy-load-balance-http-an...
Just need to add "xforwardedfor=yes" to your config file and it should be OK.
With this feature, I won't need to "play" with this (censored) transparent = source, iptables rules, tcpdump and root exec ...
Thanks so much ...
Elodie.
Elodie BOSSIER wrote:
> Why don't you implement X-FORWARDED-FOR in stunnel?
I didn't implement this feature yet, because:
1. It's hard to do it right.
2. I'm the breadwinner for my family. I'm too busy with things I do for a living.
> The patch has only 219 lines; could you please help me adapt it to version 4.41 and/or add this feature to Stunnel?
I'm not going to apply this patch, because:
1. It does not support chains of proxies: https://secure.wikimedia.org/wikipedia/en/wiki/X-Forwarded-For#Format
2. It does not support HTTP persistent connections (only modifies the first request of each connection): https://secure.wikimedia.org/wikipedia/en/wiki/HTTP_persistent_connection
3. The code is ugly.
4. It does not have a GPL-compatible, non-copyleft license.
> Thanks so much ...
You're welcome.
Mike
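Points 1 and 2 of the reply above (proxy chains and persistent connections), as an added Python example that is not part of the thread, of stunnel, or of the patch under discussion: every request on a connection is rewritten, and the peer address is appended to any X-Forwarded-For chain already present. The function names, addresses and sample requests are constructed for illustration, and only Content-Length bodies are handled.

```python
# Added example, not code from stunnel or from the patch. Assumes complete
# HTTP/1.1 requests with Content-Length bodies; chunked bodies are not handled.

def rewrite_head(head: bytes, peer_ip: str) -> bytes:
    """Append peer_ip to the X-Forwarded-For chain of one request head."""
    request_line, *headers = head.split(b"\r\n")
    chain, kept = [], []
    for line in headers:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"x-forwarded-for":
            # Keep the addresses recorded by earlier proxies, in order.
            chain += [v.strip() for v in value.split(b",") if v.strip()]
        else:
            kept.append(line)
    chain.append(peer_ip.encode("ascii"))
    kept.append(b"X-Forwarded-For: " + b", ".join(chain))
    return b"\r\n".join([request_line, *kept])

def content_length(head: bytes) -> int:
    """Body length declared by the request head (0 if absent)."""
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            return int(value.strip())
    return 0

def rewrite_connection(stream: bytes, peer_ip: str) -> bytes:
    """Rewrite every request on a persistent connection, not only the first."""
    out, pos = [], 0
    while pos < len(stream):
        end = stream.index(b"\r\n\r\n", pos)  # end of this request's head
        head = stream[pos:end]
        body_end = end + 4 + content_length(head)
        # The body is skipped by length, so header-like bytes in it are untouched.
        out.append(rewrite_head(head, peer_ip) + stream[end:body_end])
        pos = body_end
    return b"".join(out)

# Constructed sample: two requests on one keep-alive connection; the first
# already carries an address recorded by an earlier proxy.
SAMPLE = (
    b"POST /a HTTP/1.1\r\nHost: example.test\r\n"
    b"X-Forwarded-For: 198.51.100.7\r\nContent-Length: 5\r\n\r\nhello"
    b"GET /b HTTP/1.1\r\nHost: example.test\r\n\r\n"
)

if __name__ == "__main__":
    print(rewrite_connection(SAMPLE, "203.0.113.9").decode())
```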
Ok thanks.
Do you plan to create this feature later (when you are less busy) with better code?
On 18/08/2011 17:24, Michal Trojnara wrote:
> Elodie BOSSIER wrote:
> > Why don't you implement X-FORWARDED-FOR in stunnel?
> I didn't implement this feature yet, because:
> 1. It's hard to do it right.
> 2. I'm the breadwinner for my family. I'm too busy with things I do for a living.
> > The patch has only 219 lines; could you please help me adapt it to version 4.41 and/or add this feature to Stunnel?
> I'm not going to apply this patch, because:
> 1. It does not support chains of proxies: https://secure.wikimedia.org/wikipedia/en/wiki/X-Forwarded-For#Format
> 2. It does not support HTTP persistent connections (only modifies the first request of each connection): https://secure.wikimedia.org/wikipedia/en/wiki/HTTP_persistent_connection
> 3. The code is ugly.
> 4. It does not have a GPL-compatible, non-copyleft license.
> > Thanks so much ...
> You're welcome.
> Mike
I would suggest that it could be argued that it isn't stunnel's job to worry about such things. I appreciate people want it, but stunnel is a TCP-over-SSL pipe - not a web proxy...
If you need such a feature, shouldn't you be using Apache or something?
Jason
On 19/08/2011 06:41, Jason Haar wrote:
> I would suggest that it could be argued that it isn't stunnel's job to worry about such things. I appreciate people want it, but stunnel is a TCP-over-SSL pipe - not a web proxy...
> If you need such a feature, shouldn't you be using Apache or something?
Already done, I'm now with Nginx and it works; I only wanted an SSL tunnel and Nginx does it perfectly for the web.