Received: by taz.hyperreal.com (8.8.3/V2.0) id OAA15085; Mon, 25 Nov 1996 14:23:16 -0800 (PST) Received: from eat.organic.com by taz.hyperreal.com (8.8.3/V2.0) with ESMTP id OAA15078; Mon, 25 Nov 1996 14:23:13 -0800 (PST) Received: from localhost (brian@localhost) by eat.organic.com (8.8.3/8.7.3) with SMTP id OAA27324 for ; Mon, 25 Nov 1996 14:23:45 -0800 (PST) Date: Mon, 25 Nov 1996 14:23:45 -0800 (PST) From: Brian Behlendorf To: new-httpd@hyperreal.com Subject: Re: WWW Form Bug Report: "Original Host not seen via Squid proxy server" on SunOS 4.x (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: new-httpd-owner@apache.org Precedence: bulk Reply-To: new-httpd@hyperreal.com This is the resolution of this bug report. I told him that this was not a patch we'd necessarily consider working on, but since he had source it would not be hard to do. I also pointed him towards the config logging stuff. Brian --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-- brian@organic.com www.apache.org hyperreal.com http://www.organic.com/JOBS ---------- Forwarded message ---------- Date: Fri, 15 Nov 1996 09:52:40 +0800 From: Greg Hitchen To: Brian Behlendorf Subject: Re: WWW Form Bug Report: "Original Host not seen via Squid proxy server" on SunOS 4.x (fwd) At 11:55 PM 13/11/96 -0800, you wrote: >> > > From: g.hitchen@per.dem.csiro.au >> > > To: apache-bugs%apache.org@organic.com >> > > Date: Tue Nov 12 20:03:13 1996 >> > > Subject: WWW Form Bug Report: "Original Host not seen via Squid proxy server" on SunOS 4.x >> > > Submitter: g.hitchen@per.dem.csiro.au >> > > Operating system: SunOS 4.x, version: >> > > Version of Apache Used: 1.1.1 >> > > Extra Modules used: >> > > URL exhibiting problem: >> > > >> > > Symptoms: >> > > -- >> > > Requests seen as coming from the Squid proxy >> > > machine, NOT the originating host. >> > > >> > > Was OK with NCSA httpd. >> > > >> > > I've been told this requires a mod to Apache. >> > > If so is support for this planned in a future >> > > release? > >I'm not sure what you mean by "seen as coming from" - if you mean in the web >logs or the CGI environment variables, yes, the server can only see those >accesses as accesses from the proxy - there's no way it can see the IP address >of the host behind the proxy. But you say it works with NCSA, so I'm confused. >Could you clarify? Thanks. > > Brian > >--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-- >brian@organic.com www.apache.org hyperreal.com http://www.organic.com/JOBS > > > OK, following are excerpts from the access_log file. Firstly when using the NCSA httpd and secondly using Apache 1.1.1 **************** NCSA Log File ******************************************** patrickc.per.dem.CSIRO.AU,yagan.floreat.csiro.au - - [29/Jul/1996:10:10:21 +080 ] "GET / HTTP/1.0" 200 2572 patrickc.per.dem.CSIRO.AU,yagan.floreat.csiro.au - - [29/Jul/1996:10:10:22 +080 ] "GET /gifs/logork2.gif HTTP/1.0" 200 20722 patrickc.per.dem.CSIRO.AU,yagan.floreat.csiro.au - - [29/Jul/1996:10:10:22 +080 ] "GET /icons/balls/blueball.gif HTTP/1.0" 200 326 **************** Apache Log File ****************************************** yagan.floreat.csiro.au - - [04/Nov/1996:07:05:56 +0800] "GET / HTTP/1.0" 304 - yagan.floreat.csiro.au - - [04/Nov/1996:07:05:58 +0800] "GET /cgi-bin/Count.cgi dd=B|df=dem.dat&ft=0 HTTP/1.0" 200 2015 yagan.floreat.csiro.au - - [04/Nov/1996:07:05:59 +0800] "GET /icons/back.xbm HT P/1.0" 304 - yagan.floreat.csiro.au - - [04/Nov/1996:07:06:02 +0800] "GET /unrestricted/usag /mineprod/index.html HTTP/1.0" 200 4061 ****************************************************************************** In each instance the proxy server on site here is yagan.floreat.csiro.au In the first example the originating host, as well as the proxy host appears in the log file. OK Brian I passed on the info to our Organizations Web guru and this is how he responded. I guess this means we need to modify the code ourselves? >Date: Fri, 15 Nov 1996 11:03:50 +1100 (EST) >From: Kent Fitch >X-Sender: fit106@commsun >To: Greg Hitchen >Subject: Re: WWW Form Bug Report: "Original Host not seen via Squid proxy server" on SunOS 4.x (fwd) > >Hi Greg, > >We modified the CERN proxy/cache to pass on the IP address of the >client to the server in a special HTTP header using the "Pragma" keyword. >A few months after we did this, a "standard" became used by the Harvest >(now squid) cache (I think they use the "referer" header). We modified >the source for ncsa 1.3 and later, 1.5a to recognize both these headers, >and read from the config file the names of trusted caches. If a request >is forwarded from a trusted cache *AND* it has one of these headers, the >NCSA HTTP code was changed to use the client address passed up thru the >cache rather than the cache's address when doing access checking based on >address (and the IP addr/name passed to CGI scripts). > >That is why you are seeing the 2 host names separated by a comma in your >NCSA access log - we log both the client and the cache (if there are more >than 1 caches in the chain, we log them all, and they all must be in the >trusted cache list defined to NCSA) > >Hope this helps, > > >Kent Fitch Ph: +61 6 276 6711 >ITSB CSIRO Canberra Australia kent.fitch@its.csiro.au >"sonic klein man its me my shape burnt in the sky its me the memorie of me >racing thru the eye of the mer thru the eye of the sea thru the arm of the >needle merging and jacking new filaments new risks etched forever in a cold >system of wax..horses groping for a sign for a breath... >charms. sweet angels - you have made me no longer afraid of death" > - Patti Smith/Horses > ----------------------------------------------------------------------- | Greg Hitchen (Electron Beam Lab.) | email: g.hitchen@per.dem.csiro.au | | CSIRO Exploration and Mining | fax: +61 9 387 8642 | | Private Bag, P.O. Wembley | phone: +61 9 387 0349 | | WA 6014 Australia | | -----------------------------------------------------------------------