httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "howard chen" <howac...@gmail.com>
Subject [users@httpd] X_FORWARDED_FOR, squid and apache IP cheating
Date Fri, 23 May 2008 13:12:15 GMT
Hi,

This is my current setup in using squid3 as reverse proxy in front of apache:

browser (e.g. 202.182.201.3) <----> squid3 stable6 <----> apache 1.3.37 (PHP)

My PHP will get the user IP by HTTP_X_FORWARDED_FOR pass by squid.

Now the problem is:

1. if user send a request already contains header of
"X_FORWARDED_FOR", Apache will ignore the value set by Squid and will
use the client one,
so my program will be cheated by the client as the IP can be any
specified by client.

This only occur in Apache 1.x but not Apache 2.x

Any idea?

Thanks.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message