httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: [users@httpd] mod_proxy / mod_rewrite: Passing remote IP address to internal server
Date Wed, 15 Jun 2005 14:07:40 GMT
On 6/15/05, David Adam <> wrote:
> (You're probably not going to like this answer - all I can say is that I'm
> sorry, I'm not an Apache developer and I'm not a mod_rewrite guru. Nor do
> I manage more than about fifty users with CGI web pages, and our attitude
> to them is very much 'if it breaks, fix it yourself'.)
> From what I understand of CGI, it is difficult do this. The
> REMOTE_ADDR variable is set on the receiving (internal) server - you'll
> have to override it from there.
> You might want to examine:
> - mod_rewrite on the internal servers - I don't know enough about
> mod_rewrite to be able to tell you if (and how) it can change local CGI
> variables.

This won't, in general, work.  The CGI environment variables are set
at the last minute before launching CGI scripts and hence can't be
overriden in the apache configuration.

> - writing some evil wrapper that rearranges - for example, replacing your
> PERL/Python/whatever executables with a shell script that tests for the
> presence of X_FORWARDED_FOR and replaces REMOTE_ADDR with its contents. Be
> careful with this - X_FORWARDED_FOR does -not- have the same semantics as
> REMOTE_ADDR (see what happens when you pass through two proxy servers, for
> example).
> - sed s/REMOTE_ADDR/HTTP_X_FORWARDED_FOR/g and warning your
> customers! There are bucketloads of examples for detecting and fixing
> proxy headers

Both good suggestions.

The only other suggestion is to write an apache module that modifies
the internal apache request structure to replace the address.  This
wouldn't be too difficult (and I think such a module already exists
for 1.3 but not for 2.1), but you would need to be extremely careful
not to mess up the security of your server.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message