disclosure of IP address in cookie

Peter Schober peter.schober at univie.ac.at
Mon Jul 8 09:40:54 EDT 2013


* Gruber Bernhard SAI sIT <Bernhard.Gruber at s-itsolutions.at> [2013-07-08 15:07]:
> But in our environment it includes the IP address of the reverse
> proxy (apache httpd with mod-proxy) in front of tomcat server.

Note that Univie also runs the Shib IdP within Tomcat and Tomcat
behind httpd with mod_proxy_ajp (and there's even a load balancer in
front, terminating TLS/SSL).
All client IP addresses show up as usual.
I don't have access to the setup anymore but I don't think we had to
do anything special.
-peter


More information about the users mailing list