Subject: Re: deny access to unknow IP addresses
From: devel
To: modules-dev@httpd.apache.org
Date: Mon, 26 Mar 2007 15:53:50 +0000

Well, I wrote this stupid question:

> Does remote_ip always point to the IP of the client if the server knows it?

Really, I want to say this for clients that connect through a proxy.
The server always knows HTTP_CLIENT_IP but cannot know CLIENT_IP if the proxy does
not send it or it is false. The directives of mod_authz_host seem not to include
this. In the case where a filter gets the request before other modules get it, this
module should terminate the connection if the proxy does not send it. I do not know if
this is possible.

Thanks Joe. (very patient).

On Mon, 26-03-2007 at 07:50 -0600, Joe Lewis wrote:
> devel wrote:
> > Hello,
> > In
> > conn_rec *connection;
> > I can see:
> > char *remote_ip;
> >
> > Does remote_ip always point to the IP of the client if the server knows it?
> >
> The server will always know the remote IP address - this is because
> every TCP connection has two end points, a source address and a
> destination. In order to send packets back to whomever requested the
> connection, the source has to be known. This is placed into the
> remote_ip of that record. (I won't go into the dynamics of NAT and
> other network hacks as this is not a TCP/IP discussion arena.)
>
> Joachim gave the correct link for documentation on setting up
> authorization based on known IP addresses with Apache 2.2.
>
> If you must reinvent the wheel, it may be easier to download the Apache
> source code and review the mod_authz_host (or appropriate module for
> your specific apache version) to familiarize yourself with the code path
> of the module.
>
> Joe
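
The distinction discussed in this thread, as an added example (not code from the thread or from Apache httpd): a deny-by-default decision that uses the TCP peer address, which is what remote_ip holds, and honors a proxy-supplied client address only when the peer is a known proxy. The function names, the IPv4-only matching and the documentation-range addresses are assumptions constructed for illustration.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample policy (assumed values, not from the thread). */
static const char *const TRUSTED_PROXIES[] = { "192.0.2.10" };
static const char *const ALLOWED_CLIENTS[] = { "198.51.100.7", "203.0.113.25" };
#define COUNT(x) (sizeof(x) / sizeof((x)[0]))

enum decision { DENY = 0, ALLOW = 1 };

/* Match on the parsed IPv4 address; NULL or unparsable text never matches. */
static int in_list(const char *ip, const char *const *list, size_t n)
{
    struct in_addr a, b;
    if (ip == NULL || inet_pton(AF_INET, ip, &a) != 1)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (inet_pton(AF_INET, list[i], &b) == 1 && a.s_addr == b.s_addr)
            return 1;
    return 0;
}

/*
 * peer_ip:       address of the TCP peer (the value remote_ip holds).
 * client_ip_hdr: client address claimed in a proxy-supplied header, or NULL
 *                when the proxy sent none.
 */
enum decision decide_access(const char *peer_ip, const char *client_ip_hdr)
{
    if (in_list(peer_ip, TRUSTED_PROXIES, COUNT(TRUSTED_PROXIES))) {
        /* Peer is a known proxy: the header is the only client identity.
         * A missing or malformed header means an unknown client, so deny. */
        return in_list(client_ip_hdr, ALLOWED_CLIENTS, COUNT(ALLOWED_CLIENTS))
                   ? ALLOW : DENY;
    }
    /* Direct client or unknown proxy: any sender can set the header,
     * so ignore it and decide on the TCP peer alone. */
    return in_list(peer_ip, ALLOWED_CLIENTS, COUNT(ALLOWED_CLIENTS)) ? ALLOW : DENY;
}

int main(void)
{
    printf("proxy + allowed header: %d\n", decide_access("192.0.2.10", "198.51.100.7"));
    printf("proxy + no header:      %d\n", decide_access("192.0.2.10", NULL));
    printf("unknown peer + header:  %d\n", decide_access("203.0.113.99", "198.51.100.7"));
    return 0;
}
```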