Return-Path: X-Original-To: apmail-httpd-bugs-archive@www.apache.org Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 16F6B10933 for ; Mon, 7 Oct 2013 09:06:41 +0000 (UTC) Received: (qmail 96835 invoked by uid 500); 7 Oct 2013 09:06:39 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 96534 invoked by uid 500); 7 Oct 2013 09:06:36 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: "Apache HTTPD Bugs Notification List" List-Id: Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 96522 invoked by uid 99); 7 Oct 2013 09:06:33 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Oct 2013 09:06:33 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.115] (HELO eir.zones.apache.org) (140.211.11.115) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Oct 2013 09:06:30 +0000 Received: by eir.zones.apache.org (Postfix, from userid 80) id C5C591B67A; Mon, 7 Oct 2013 09:06:09 +0000 (UTC) From: bugzilla@apache.org To: bugs@httpd.apache.org Subject: [Bug 55635] New: mod_remoteip remove first not trusted IP from RemoteIPHeader Date: Mon, 07 Oct 2013 09:06:08 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Apache httpd-2 X-Bugzilla-Component: mod_remoteip X-Bugzilla-Version: 2.5-HEAD X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: vivanv@mail.ru X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: bugs@httpd.apache.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://issues.apache.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org https://issues.apache.org/bugzilla/show_bug.cgi?id=55635 Bug ID: 55635 Summary: mod_remoteip remove first not trusted IP from RemoteIPHeader Product: Apache httpd-2 Version: 2.5-HEAD Hardware: PC OS: All Status: NEW Severity: normal Priority: P2 Component: mod_remoteip Assignee: bugs@httpd.apache.org Reporter: vivanv@mail.ru mod_remoteip remove first not trusted IP(Client IP) from RemoteIPHeader httpd.conf RemoteIPHeader X-Forwarded-For RemoteIPInternalProxy 172.20.106.70 RemoteIPTrustedProxy 87.250.250.203 LogFormat "%h %a %{c}a %{X-Forwarded-For}i %l %u %t \"%m\" \"%r&\" \"%q&\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" pid=%{pid}P tid=%{tid}P time_ms=%D" combined CustomLog "|/import/home/ivan.voronin/tmp/tmp/apache_project/distrib/apache2/bin/rotatelogs logs/access_log.%Y.%m.%d 86400" combined Order Deny,Allow Deny from all Allow from localhost 127.0.0.1 1.1.1.1 GET http://srv2-x64rh6-01:1280/test/1.xml [no cookies] Request Headers: Connection: keep-alive X-Forwarded-For: 1.1.1.2, 1.1.1.1, 87.245.198.54, 87.250.250.203 Accept: */* Host: srv2-x64rh6-01:1280 User-Agent: Apache-HttpClient/4.1.2 (java 1.5) access_log.2013.10.07: ivoronin.net.billing.ru 87.245.198.54 172.20.106.70 1.1.1.2, 1.1.1.1 - - [07/Oct/2013:12:44:00 +0400] "GET" "GET /test/1.xml HTTP/1.1&" "&" 403 212 "-" "Apache-HttpClient/4.1.2 (java 1.5)" pid=27844 tid=140346537215744 time_ms=3111 As you can see, mod_remoteip removed 87.245.198.54 from X-Forwarded-For (RemoteIPHeader). This is not the behavior as documented because 87.245.198.54 is not configured to be "trusted". So, it's not possible to pass correct Client IP to backend if the mod_remoteip is used. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org