httpd-dev mailing list archives

From wr...@rowe-clan.net
Subject RE: Re: mod_status: Apache 2.4 incorrect IP (proxy, not useragent_ip) on server-status page
Date Thu, 11 Sep 2014 14:04:39 GMT
+1, this is the right question, Jim.
 
From the docs for mod_remoteip;
 
"This module is used to treat the useragent which initiated the request as the originating
useragent as identified by httpd for the purposes of authorization and logging"
 
"The module overrides the client IP address for the connection"
 
"Once replaced as instructed, this overridden useragent IP address is then used"
 
Any other behavior is invalid to users of mod_remoteip.
 
It was correctly observed that there is an intermediate state, following the logging of a
request and destruction of the request pool, where the identity of the keep-alive connection
truly belongs to the direct-remote user agent, and is no longer an attribute of the proxied
request.  Therefore, falling back to the c->remote_addr is entirely appropriate, and that
remote_addr must be used as the basis for mod_remoteip to handshake the next reported remote
client ip.
 
So here's a +1 to changing the behavior of ap_get_remote_host, as documented, the existing
behavior is flawed.
 


--------- Original Message ---------
Subject: Re: mod_status: Apache 2.4 incorrect IP (proxy, not useragent_ip) on server-status page
From: "Martynas Bendorius" <martynas@martynas.it>
Date: 9/11/14 8:35 am
To: dev@httpd.apache.org

Yes, we may re-phrase it like that, if we'd like to fix it in apache 
 source (and not documentation) :) Currently ap_get_remote_host in 
 server/core.c doesn't return useragent_ip, and instead of it we get 
 conn->client_ip.
 
 Best regards,
 Martynas Bendorius
 
 On 9/11/14 4:21 PM, Jim Jagielski wrote:
 > isn't the question rather "What should ap_get_remote_host()
 > return?"?
 >
 > On Sep 11, 2014, at 8:17 AM, Martynas Bendorius <martynas@martynas.it> wrote:
 >
 >> Hello,
 >>
 >> Would it be possible to change the documentation of mod_remoteip for 2.4 (http://httpd.apache.org/docs/2.4/mod/mod_remoteip.html), and get "is reported by mod_status" removed from the page? As it leads Apache customers to believe that it will report a real (useragent) IP instead of a proxy one in server-status page. useragent_ip is not even available in scoreboard, which is used by mod_status, so it's not available for mod_status.
 >>
 >> This has been already discussed here: https://issues.apache.org/bugzilla/show_bug.cgi?id=55886
 >>
 >> Thank you!
 >>
 >> Best regards,
 >> Martynas Bendorius
 >>
 >
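
The address-selection behaviour discussed in this thread, as an added example that is not part of the original messages and is not httpd source. It is a simplified model: the structs, function names and addresses are hypothetical or constructed, and only the field names `client_ip` and `useragent_ip` come from the thread.

```c
/* Simplified model, NOT httpd source: all struct and function names are hypothetical. */
#include <stdio.h>
#include <string.h>

struct conn { const char *client_ip; };     /* direct peer of the socket (the proxy) */
struct req  { const char *useragent_ip; };  /* per-request override, or NULL         */
struct slot { char client[46]; };           /* what a status page would read         */

/* Behaviour the thread describes as current: always the connection address. */
static const char *remote_current(const struct conn *c, const struct req *r) {
    (void)r;
    return c->client_ip;
}

/* Behaviour the thread proposes: the request's overridden address while a
 * request exists, the connection address once the request is gone. */
static const char *remote_proposed(const struct conn *c, const struct req *r) {
    return (r && r->useragent_ip) ? r->useragent_ip : c->client_ip;
}

typedef const char *(*lookup_fn)(const struct conn *, const struct req *);

/* Copy the reported client into the slot, so it outlives the request. */
static void report(struct slot *s, lookup_fn f, const struct conn *c, const struct req *r) {
    snprintf(s->client, sizeof s->client, "%s", f(c, r));
}

/* One keep-alive connection from a proxy carrying two requests; out[] receives
 * the address reported during request 1, between requests, and during request 2. */
static void run_keepalive(lookup_fn f, struct slot out[3]) {
    struct conn c = { "192.0.2.10" };       /* constructed proxy address */
    struct req r1 = { "198.51.100.7" };     /* constructed client A      */
    struct req r2 = { "203.0.113.42" };     /* constructed client B      */
    report(&out[0], f, &c, &r1);
    report(&out[1], f, &c, NULL);           /* request 1 pool destroyed  */
    report(&out[2], f, &c, &r2);
}

int main(void) {
    static const char *phase[] = { "request 1", "idle keep-alive", "request 2" };
    struct slot cur[3], prop[3];
    run_keepalive(remote_current, cur);
    run_keepalive(remote_proposed, prop);
    for (int i = 0; i < 3; i++)
        printf("%-16s current=%-13s proposed=%s\n", phase[i], cur[i].client, prop[i].client);
    return 0;
}
```

In the idle phase both lookups return the proxy address, so client A's identity does not carry over to the next request on the same connection.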
