[stunnel-users] X-Forwarded-For / X-Forwarded-Proto

Stefan Behte s.behte at babiel.com
Wed Feb 9 16:25:33 CET 2011


Hello Michal,

I've read that you prefer not to support X-Forwarded-For because old code had a buffer overflow and did not support keep-alive functions of HTTP/1.1.

I believe the overflow was fixed in the newer version of the patch I've attached.

IMHO the patch will still be very useful, even if it does not support keep-alive: often in high-performance setups keep-alive is not even desired because it fills up resources needlessly. Even if this does not provide all features, a lot of people would be satisfied with it.

There is a great desire for this patch; if one searches for "stunnel x-forwarded-for" on Google, you will find more than 60 pages and not only a few dozen blogs/mailing lists that discuss applying the patch and getting it to work as an SSL terminator for load-balancing software.

And last, I know that the patch (the one Willy Tarreau is hosting on haproxy.1wt.eu and is attached) is in use at several high-traffic websites and runs stable. ;)

If it's too much of a hassle for you to review and/or integrate the patch, I can understand that very well, I'd just like to open a discussion and would like to know if you have concerns regarding the patch quality, even if you do not want to include the patch at this time. :)

Best regards,

Stefan Behte
-------------- next part --------------
A non-text attachment was scrubbed...
Name: stunnel-4.32-xforwarded-for.diff
Type: application/octet-stream
Size: 10945 bytes
Desc: stunnel-4.32-xforwarded-for.diff
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20110209/4aaea9dc/attachment.obj>

