httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <h.rei...@thelounge.net>
Subject Re: mod_remoteip does NOT change access-log IP
Date Thu, 24 Jan 2013 20:53:08 GMT


Am 24.01.2013 21:02, schrieb Stefan Fritsch:
>> 10.0.0.103 - - [23/Jan/2013:17:01:53 +0100] "GET
>> /images/page/tidy_16.gif HTTP/1.1" 304 -
>> "http://www.test.rh:8080/" "Mozilla/5.0 (X11; Linux x86_64;
>> rv:18.0) Gecko/20100101 Firefox/18.0" (-%)
> 
> 
> The problem seems to be ap_get_remote_host() which is used by the %h 
> used in the default access log format. But resolving an IP address 
> that came via X-Forwarded-For does not make any sense anyway, because 
> the server's view of DNS may be different than the proxy's view

if there is a different view it makes the behavior more worse

example:

* httpd is running in a LAN, no public access and has 10.0.0.6
* trafficserver is running on a public IP
* trafficserver connects with a second NIC to the httpd-backend

you do not want in such cases your private IP's anywhere because
X-Forwarded-For is the only place where you see a non LAN-address
and from the view of the application you are interested in the
public IP

* usages / geoip
* scripts which behave differently for trusted LAN-addresses


Mime
View raw message