httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karel Kubat <ka...@e-tunity.com>
Subject Re: [users@httpd] RequesHeader directive not adding directive
Date Mon, 09 Feb 2009 23:03:35 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

On Feb 9, 2009, at 6:24 PM, <Gerhardus.Geldenhuis@gta-travel.com> <Gerhardus.Geldenhuis@gta-travel.com

 > wrote:

> We have a forum site that is behind a load balancer and the site  
> relies
> on ip addresses to detect failed logins. This does not work because  
> the
> loadbalancer changes the source ip address to that of itself.
>
> our load balancer(f5) adds the original ip as x-forwarded-for http
> header.
>
> However the third party software that we use don't pick up this  
> header.
>
> Here is the relevant line(I think anyway, the function is called
> fetch_alt_ip) from the software:
> else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND
> preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s',
> $_SERVER['HTTP_X_FORWARDED_FOR'], $matches))
>
> Sidenote:
> If I have to change the code the following works by editing the  
> fetch_ip
> function from:
> return $_SERVER['REMOTE_ADDR'];
> to
> return (getenv(HTTP_X_FORWARDED_FOR))
> ? getenv(HTTP_X_FORWARDED_FOR)
> : getenv(REMOTE_ADDR);
>
> I have changed the HTTP_X_FORWARDED_FOR to x-forwarded-for in lower  
> and
> upper case but the software still did not pick it up.
>
> However I am not keen on changing the source code as that complicates
> matters when you upgrade and someone might forget to change the source
> code again or not read the documentation
>
> After a bit of googling I thought I would give RequestHeader a go and
> wrote the following:
>
> RequestHeader append HTTP_X_FORWARDED_FOR "%{x-forwarded-for}e"
>
> However the forum software does not pick this up and nor do I see the
> value in my log file:
> LogFormat "xforwarded:%{x-forwarded-for}i
> rlnclient:%{rlnclientipaddr}i   forumsoftware:%{HTTP_X_FORWARDED_FOR}i
> vanilla: %h" gg2
>
> This is a typical log entry:
> xforwarded:10.241.115.240   rlnclient:10.241.115.240
> forumsoftware:(null)   vanilla: 10.200.11.43
>
> Am I using request header wrong or doing something else stupid?

Sounds like you're almost there. For testing you might add a <?  
phpinfo(); ?> call somewhere on a testing page and review the output.  
The right PHP variable would show up, and also an environment variable  
if there is one.

I'm not sure that in
   RequestHeader append HTTP_X_FORWARDED_FOR "%{x-forwarded-for}e"
the x-forwarded-for should be in lower case. The PHP-info page would  
show the exact spelling. Also, in the logline you have
   %{x-forwarded-for}i
(which seems to work) while in the RequestHeader directive you have
   %{x-forwarded-for}e
(which doesn't seem to work). This indicates that the value is  
available as a HTTP header value, but not as an environment variable.  
So all in all, in the RequestHeader directive you're probably  
addressing a non-existent environment variable, to create an HTTP  
header -- while you have an (albeit differently named) HTTP header to  
start with.

I couldn't reproduce your situation, but hope that there are some  
useful pointers above. Usually with PHP I just try the phpinfo() call  
to see what exactly is available, and then I go from there.  Off the  
top of my head, there might be a variable _SERVER["X-Forwarded-For"]  
readily available for you.

- --
Best regards / met vriendelijke groet, Karel Kubat



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAkmQtkcACgkQ23FrzRzybNUZwgCgqMAVx/Hh6Q5zsL2t6kER3O/0
kFYAoNiWNjDaJ18Dp7x94XNst6sXDTZ+
=gN04
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message