httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From devel <>
Subject Re: deny access to unknow IP addresses
Date Mon, 26 Mar 2007 15:53:50 GMT
Well, I  wrote this stupid question:
> remote_ip always point to IP of client if server know it?

Really, I want say this, for clients that connect through a proxy. 
Server always know HTTP_CLIENT_IP but can not know CLIENT_IP if proxy do
not send it or is false.

Directives of mod_authz_host seems to not include this.

In a case a filter get request before another modules get it, this
module should terminate connection if proxy do not send it. I do not
know is this is posible.

Thanks Joe. (very patient).

El lun, 26-03-2007 a las 07:50 -0600, Joe Lewis escribió: 
> devel wrote:
> > Hello,
> > In 
> > conn_rec *connection;
> > a can see:
> > char *remote_ip;
> >
> > remote_ip always point to IP of client if server know it?
> >   
> The server will always know the remote IP address - this is because 
> every TCP connection has two end points, a source address and a 
> destination.  In order to send packets back to whomever requested the 
> connection, the source has to be known.  This is placed into the 
> remote_ip of that record.  (I won't go into the dynamics of NAT and 
> other network hacks as this is not a TCP/IP discussion arena.)
> Joachim gave the correct link for documentation on setting up 
> authorization based on known IP addresses with Apache 2.2.
> If you must reinvent the wheel, it may be easier to download the Apache 
> source code and review the mod_authz_host (or appropriate module for 
> your specific apache version) to familiarize yourself with the code path 
> of the module.
> Joe

View raw message