httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Cramer <cra...@webkist.com>
Subject [PATCH] Add CookieIPHeader directive to mod_usertrack (for 1.3)
Date Tue, 12 Aug 2003 21:10:19 GMT
If apache is running behind a device which masks the client's IP address 
with its own, mod_usertrack will use this IP address as part of its 
cookie_id. Since this is NOT the actual IP address of the client (and 
may in fact be information best kept private), this behavior could be 
less than ideal.

Some devices (including a reverse-proxying Apache instance) set HTTP 
headers which contain the "real" IP address of the request, which might 
be more appropriate for mod_usertrack.

The attached patch adds the "CookieIPHeader" directive which takes as 
its only argument the name of the header containing the IP address to 
use. For example, mod_usertrack could use the IP address passed on my 
another Apache instance's "ProxyPass" with the following directive:

CookieIPHeader X-Forwarded-For

If the specified header doesn't exist or inet_aton() fails to parse it, 
the default value (from r->connection) is used instead. Without the 
directive, apache's behavior is unchanged.

This patch is against the mod_usertrack.c found in 1.3.28.

-- 
Mike Cramer
http://www.webkist.com/

Mime
View raw message