httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Adam <zanc...@ucc.gu.uwa.edu.au>
Subject Re: [users@httpd] mod_proxy / mod_rewrite: Passing remote IP address to internal server
Date Wed, 15 Jun 2005 13:11:51 GMT
> > Have you tried looking at the X-Forwarded-For header? (Appears in CGI
> > scripts as HTTP_X_FORWARDED_FOR) This is passed automatically by
> > mod_proxy, as far as I know.
>
> yes I know this but all the scripts of my customers are looking for
> REMOTE_ADDR etc. So how can I forward this to my internal servers behind the
> proxy server?

Werner,

(You're probably not going to like this answer - all I can say is that I'm
sorry, I'm not an Apache developer and I'm not a mod_rewrite guru. Nor do
I manage more than about fifty users with CGI web pages, and our attitude
to them is very much 'if it breaks, fix it yourself'.)

>From what I understand of CGI, it is difficult do this. The
REMOTE_ADDR variable is set on the receiving (internal) server - you'll
have to override it from there.

You might want to examine:
- mod_rewrite on the internal servers - I don't know enough about
mod_rewrite to be able to tell you if (and how) it can change local CGI
variables.

- writing some evil wrapper that rearranges - for example, replacing your
PERL/Python/whatever executables with a shell script that tests for the
presence of X_FORWARDED_FOR and replaces REMOTE_ADDR with its contents. Be
careful with this - X_FORWARDED_FOR does -not- have the same semantics as
REMOTE_ADDR (see what happens when you pass through two proxy servers, for
example).

- sed s/REMOTE_ADDR/HTTP_X_FORWARDED_FOR/g and warning your
customers! There are bucketloads of examples for detecting and fixing
proxy headers

Have a look at the nearest thing to a CGI standard at
http://cgi-spec.golux.com/draft-coar-cgi-v11-03-clean.html for more
information on CGI variables.

The second option above is what someone like me would do :-) (we have no
qualms about 'evil hacks' here - our version of suexec has to be patched
every time we upgrade Apache, to give just one example).

Best of luck,

David Adam
zanchey@ucc.gu.uwa.edu.au


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message