httpd-bugs mailing list archives

From bugzi...@apache.org
Subject [Bug 55635] New: mod_remoteip remove first not trusted IP from RemoteIPHeader
Date Mon, 07 Oct 2013 09:06:08 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=55635

            Bug ID: 55635
           Summary: mod_remoteip remove first not trusted IP from
                    RemoteIPHeader
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_remoteip
          Assignee: bugs@httpd.apache.org
          Reporter: vivanv@mail.ru

mod_remoteip removes the first not-trusted IP (client IP) from RemoteIPHeader

httpd.conf
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 172.20.106.70
RemoteIPTrustedProxy 87.250.250.203

LogFormat "%h %a %{c}a %{X-Forwarded-For}i %l %u %t \"%m\" \"%r&\" \"%q&\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" pid=%{pid}P tid=%{tid}P time_ms=%D" combined
CustomLog "|/import/home/ivan.voronin/tmp/tmp/apache_project/distrib/apache2/bin/rotatelogs logs/access_log.%Y.%m.%d 86400" combined

<Location /test>
    Order Deny,Allow
    Deny from all
    Allow from localhost 127.0.0.1 1.1.1.1
</Location>

GET http://srv2-x64rh6-01:1280/test/1.xml

[no cookies]

Request Headers:
Connection: keep-alive
X-Forwarded-For: 1.1.1.2, 1.1.1.1, 87.245.198.54, 87.250.250.203
Accept: */*
Host: srv2-x64rh6-01:1280
User-Agent: Apache-HttpClient/4.1.2 (java 1.5)

access_log.2013.10.07:
ivoronin.net.billing.ru 87.245.198.54 172.20.106.70 1.1.1.2, 1.1.1.1 - - [07/Oct/2013:12:44:00 +0400] "GET" "GET /test/1.xml HTTP/1.1&" "&" 403 212 "-" "Apache-HttpClient/4.1.2 (java 1.5)" pid=27844 tid=140346537215744 time_ms=3111

As you can see, mod_remoteip removed 87.245.198.54 from X-Forwarded-For
(RemoteIPHeader).
This is not the documented behavior, because 87.245.198.54 is not configured
to be "trusted".
So, it's not possible to pass the correct client IP to the backend if
mod_remoteip is used.

-- 
You are receiving this mail because:
You are the assignee for the bug.
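
Added example (not part of the bug report and not Apache code): a simplified Python model of the right-to-left X-Forwarded-For walk that the mod_remoteip documentation describes, run on the request and proxy configuration from the report to compare with the %a value, the remaining header and the 403 in the access log. The function names are hypothetical, the stop-on-unparsable-entry behaviour is a modelling assumption, and the rule that RemoteIPTrustedProxy does not vouch for private addresses is not modelled.

```python
import ipaddress

def resolve_client_ip(peer, xff, trusted):
    """Return (client_ip, proxies_consumed, remaining_header).

    Hypothetical helper: walks the header right to left and stops at the
    first address that is not trusted to vouch for the one on its left.
    """
    nets = [ipaddress.ip_network(t) for t in trusted]

    def is_trusted(ip):
        return any(ipaddress.ip_address(ip) in n for n in nets)

    hops = [h.strip() for h in xff.split(",") if h.strip()]
    client, consumed = peer, []
    while hops and is_trusted(client):
        try:
            ipaddress.ip_address(hops[-1])
        except ValueError:
            break  # assumption: an unparsable entry ends the walk and stays in the header
        consumed.append(client)
        client = hops.pop()
    remaining = ", ".join(hops) if hops else None  # None models "header removed"
    return client, consumed, remaining

def location_allows(client_ip, allow):
    """Model of 'Deny from all' + 'Allow from ...' evaluated on the resolved client IP."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(a) for a in allow)

# Values taken from the report: connection peer (%{c}a), request header, proxy directives.
PEER = "172.20.106.70"
XFF = "1.1.1.2, 1.1.1.1, 87.245.198.54, 87.250.250.203"
TRUSTED = ["172.20.106.70", "87.250.250.203"]  # RemoteIPInternalProxy + RemoteIPTrustedProxy
ALLOW = ["127.0.0.1", "1.1.1.1"]               # 'localhost' hostname entry omitted

if __name__ == "__main__":
    client, consumed, remaining = resolve_client_ip(PEER, XFF, TRUSTED)
    print("client (%a):      ", client)
    print("proxies consumed: ", consumed)
    print("header remaining: ", remaining)
    print("status:           ", 200 if location_allows(client, ALLOW) else 403)
```

The leftmost entries (1.1.1.2, 1.1.1.1) are whatever the original sender typed, so an access rule keyed on the resolved client IP is not satisfied by placing an allowed address there.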
