Red Hat Bugzilla – Bug 851768
Review Request: mod_rpaf - Changes the remote IP in Apache to use client IP and not proxy IP
Last modified: 2012-12-31 05:16:17 EST
mod_rpaf changes the remote address of the client visible to other
Apache modules when two conditions are satisfied. First condition is
that the remote client is actually a proxy that is defined in
httpd configuration file.
Secondly if there is an incoming X-Forwarded-For header and the proxy
is in it's list of known proxies it takes the last IP from the incoming
X-Forwarded-For header and changes the remote address of the client in
the request structure. It also takes the incoming X-Host header and
updates the virtual host settings accordingly.
For Apache2 mod_proxy it takes the X-Forwared-Host header and updates
the virtual hosts.
Fedora Account System Username: virer
el6 build ok
Is this version vulnerable to CVE-2012-3526?
It is not affected since this version does not use debian custom patch
Since I still lack of sponsor and I have no more time to spend on it, I close it.