[Icecast] X-forwarded-for header Was:[Re: Icecast2, ezstream and reverse proxy]

"Thomas B. Rücker" thomas at ruecker.fi
Fri May 23 12:37:57 UTC 2014


On 05/23/2014 11:49 AM, Hoggins! wrote:
> Le 23/05/2014 12:44, "Thomas B. Rücker" a écrit :
>> Hi,
>>
>> On 05/23/2014 09:34 AM, Hoggins! wrote:
>>> And it works like a charm, and allows us to benefit from the HTTP 1.1
>>> "Host" header, and use it in a virtual host.
>>> The filter simply rewrites the listening URL served by the Icecast pages
>>> to routable addresses and routable ports.
>> It will break some features of the web interface, unless you start
>> messing with the replies on the fly.
>> Also your Icecast logs will be mostly worthless.
> True here also. It makes me think that I though I had read somewhere
> that Icecast would correctly interpret the X-Forwarded-For headers, and
> print the client information accordingly. Here, we only have a bunch of
> localhost clients.

I've seen at least two separate patches, but they didn't address this
fully, IIRC. This needs to be off by default and you need to be able to
control it to ensure security. Else anyone can just inject and override
whatever source address they want.
If someone wants to step up and work on completing a patch, I'd be very
happy to see that.


Cheers

Thomas



More information about the Icecast mailing list