httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From minf...@apache.org
Subject svn commit: r1208754 - in /httpd/httpd/branches/2.4.x: ./ docs/manual/expr.xml docs/manual/mod/core.xml docs/manual/mod/mod_log_config.xml docs/manual/mod/mod_remoteip.xml
Date Wed, 30 Nov 2011 20:31:27 GMT
Author: minfrin
Date: Wed Nov 30 20:31:26 2011
New Revision: 1208754

URL: http://svn.apache.org/viewvc?rev=1208754&view=rev
Log:
Backport:
Clarify the peer IP of the connection and the client IP of the request within
the docs.

Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/docs/manual/expr.xml
    httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_log_config.xml
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_remoteip.xml

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Nov 30 20:31:26 2011
@@ -1,3 +1,3 @@
 /httpd/httpd/branches/revert-ap-ldap:1150158-1150173
 /httpd/httpd/branches/wombat-integration:723609-723841
-/httpd/httpd/trunk:1201042,1201111,1201194,1201198,1201202,1202456,1202886,1203859,1204630,1204968,1204990,1205061,1205075,1205379,1205885,1206291,1206587,1207719
+/httpd/httpd/trunk:1201042,1201111,1201194,1201198,1201202,1202456,1202886,1203859,1204630,1204968,1204990,1205061,1205075,1205379,1205885,1206291,1206587,1207719,1208753

Modified: httpd/httpd/branches/2.4.x/docs/manual/expr.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/expr.xml?rev=1208754&r1=1208753&r2=1208754&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/expr.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/expr.xml Wed Nov 30 20:31:26 2011
@@ -238,7 +238,7 @@ listfunction ::= listfuncname "<strong>(
         <td>The error log id of the connection (see
             <directive module="core">ErrorLogFormat</directive>)</td></tr>
     <tr><td><code>CONN_REMOTE_ADDR</code></td>
-        <td>The raw IP address of the remote host (see the
+        <td>The peer IP address of the connection (see the
             <module>mod_remoteip</module> module)</td></tr>
 
     </table>

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml?rev=1208754&r1=1208753&r2=1208754&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml Wed Nov 30 20:31:26 2011
@@ -1375,10 +1375,10 @@ in case of an error</description>
         <td>The percent sign</td></tr>
 
     <tr><td><code>%a</code></td>
-        <td>Remote IP-address and port</td></tr>
+        <td>Client IP address and port of the request</td></tr>
 
     <tr><td><code>%{c}a</code></td>
-        <td>Actual remote IP-address and port (see the
+        <td>Underlying peer IP address and port of the connection (see the
             <module>mod_remoteip</module> module)</td></tr>
 
     <tr><td><code>%A</code></td>

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_log_config.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_log_config.xml?rev=1208754&r1=1208753&r2=1208754&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_log_config.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_log_config.xml Wed Nov 30 20:31:26 2011
@@ -71,11 +71,11 @@
         <td>The percent sign.</td></tr>
 
     <tr><td><code>%a</code></td>
-        <td>Remote IP-address.</td></tr>
+        <td>Client IP address and port of the request.</td></tr>
 
     <tr><td><code>%{c}a</code></td>
-        <td>Actual remote IP-address and port (see the
-        <module>mod_remoteip</module> module)</td></tr>
+        <td>Underlying peer IP address and port of the connection (see the
+        <module>mod_remoteip</module> module).</td></tr>
 
     <tr><td><code>%A</code></td>
         <td>Local IP-address.</td></tr>

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_remoteip.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_remoteip.xml?rev=1208754&r1=1208753&r2=1208754&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_remoteip.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_remoteip.xml Wed Nov 30 20:31:26 2011
@@ -23,9 +23,9 @@
 <modulesynopsis metafile="mod_remoteip.xml.meta">
 
 <name>mod_remoteip</name>
-<description>Replaces the apparent client remote IP address for the request
-with the IP address list presented by a proxies or a load balancer via the
-request headers.
+<description>Replaces the original peer IP address for the connection
+with the client IP address list presented by a proxies or a load balancer
+via the request headers.
 </description>
 
 <status>Base</status>
@@ -33,22 +33,22 @@ request headers.
 <identifier>remoteip_module</identifier>
 
 <summary>
-    <p>This module is used to treat the remote host which initiated the
-    request as the originating remote host as identified by httpd for the
-    purposes of authorization and logging, even where that remote host is
+    <p>This module is used to treat the client which initiated the
+    request as the originating client as identified by httpd for the
+    purposes of authorization and logging, even where that client is
     behind a load balancer, front end server, or proxy server.</p>
 
-    <p>The module overrides the apparent remote (client) IP for
-    the request with the IP address reported in the request header
-    configured with the <directive>RemoteIPHeader</directive> directive.</p>
-
-    <p>Once replaced as instructed, this apparent IP address is then used
-    for the <module>mod_authz_host</module>
-    <directive module="mod_authz_host" type="section">Require ip</directive>
feature,
-    is reported by <module>mod_status</module>, and is recorded by
+    <p>The module overrides the peer IP address for the connection
+    with the client IP address reported in the request header configured
+    with the <directive>RemoteIPHeader</directive> directive.</p>
+
+    <p>Once replaced as instructed, this overridden client IP address is
+    then used for the <module>mod_authz_host</module>
+    <directive module="mod_authz_host" type="section">Require ip</directive>
+    feature, is reported by <module>mod_status</module>, and is recorded by
     <module>mod_log_config</module> <code>%a</code> and <module>core</module>
-    <code>%a</code> format strings. The original remote IP of the connection
is
-    available in the <code>%{c}a</code> format string.</p>
+    <code>%a</code> format strings. The underlying peer IP of the connection
+    is available in the <code>%{c}a</code> format string.</p>
 
     <note type="warning">It is critical to only enable this behavior from
     intermediate hosts (proxies, etc) which are trusted by this server, since
@@ -61,23 +61,27 @@ request headers.
 
 <section id="processing"><title>Remote IP Processing</title>
 
-    <p>Apache identifies the client with the connection's remote_ip value,
-    and the connection remote_host and remote_logname are derived from this
-    value.  These fields play a role in authentication, authorization and
-    logging and other purposes by other loadable modules.</p>
-
-    <p>mod_remoteip replaces the true remote_ip with the advertised remote_ip as
-    provided by a proxy, for every evaluation of the client that occurs in the
-    server.</p>
+    <p>Apache by default identifies the client with the connection's
+    peer_ip value, and the connection remote_host and remote_logname are
+    derived from this value. These fields play a role in authentication,
+    authorization and logging and other purposes by other loadable
+    modules.</p>
+
+    <p>mod_remoteip overrides the peer IP of the connection with the
+    advertised client IP as provided by a proxy or load balancer, for
+    the duration of the request. A load balancer might establish a long
+    lived keepalive connection with the server, and each request will
+    have the correct client IP, even though the underlying peer IP
+    address of the load balancer remains unchanged.</p>
 
-    <p>When multiple, comma delimited remote IP addresses are listed in the
+    <p>When multiple, comma delimited client IP addresses are listed in the
     header value, they are processed in Right-to-Left order.  Processing
-    halts when a given remote IP address is not trusted to present the
+    halts when a given client IP address is not trusted to present the
     preceding IP address.  The header field is updated to this remaining
     list of unconfirmed IP addresses, or if all IP addresses were trusted,
     this header is removed from the request altogether.</p>
 
-    <p>In replacing the remote_ip, the module stores the list of intermediate
+    <p>In overriding the client IP, the module stores the list of intermediate
     hosts in a remoteip-proxy-ip-list note, which <module>mod_log_config</module>
     can record using the <code>%{remoteip-proxy-ip-list}n</code> format token.
     If the administrator needs to store this as an additional header, this
@@ -181,9 +185,10 @@ request headers.
 <usage>
     <p>The <directive>RemoteIPProxiesHeader</directive> directive specifies
     a header into which <module>mod_remoteip</module> will collect a list of
-    all of the intermediate client IP addresses trusted to resolve the actual
-    remote IP.  Note that intermediate <directive>RemoteIPTrustedProxy</directive>
-    addresses are recorded in this header, while any intermediate
+    all of the intermediate client IP addresses trusted to resolve the client
+    IP of the request. Note that intermediate
+    <directive>RemoteIPTrustedProxy</directive> addresses are recorded in
+    this header, while any intermediate
     <directive>RemoteIPInternalProxy</directive> addresses are discarded.</p>
 
     <example><title>Example</title>
@@ -206,7 +211,7 @@ request headers.
     <directive>RemoteIPInternalProxy</directive> directive, any intranet
     or private IP address reported by such proxies, including the 10/8, 172.16/12,
     192.168/16, 169.254/16 and 127/8 blocks (or outside of the IPv6 public
-    2000::/3 block) are not trusted as the remote IP, and are left in the
+    2000::/3 block) are not trusted as the client IP, and are left in the
     <directive>RemoteIPHeader</directive> header's value.</p>
 
     <example><title>Trusted (Load Balancer) Example</title>



Mime
View raw message