httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karel Kubat <>
Subject Re: [users@httpd] RequesHeader directive not adding directive
Date Mon, 09 Feb 2009 23:03:35 GMT
Hash: SHA1


On Feb 9, 2009, at 6:24 PM, <> <

 > wrote:

> We have a forum site that is behind a load balancer and the site  
> relies
> on ip addresses to detect failed logins. This does not work because  
> the
> loadbalancer changes the source ip address to that of itself.
> our load balancer(f5) adds the original ip as x-forwarded-for http
> header.
> However the third party software that we use don't pick up this  
> header.
> Here is the relevant line(I think anyway, the function is called
> fetch_alt_ip) from the software:
> else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND
> preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s',
> $_SERVER['HTTP_X_FORWARDED_FOR'], $matches))
> Sidenote:
> If I have to change the code the following works by editing the  
> fetch_ip
> function from:
> return $_SERVER['REMOTE_ADDR'];
> to
> return (getenv(HTTP_X_FORWARDED_FOR))
> : getenv(REMOTE_ADDR);
> I have changed the HTTP_X_FORWARDED_FOR to x-forwarded-for in lower  
> and
> upper case but the software still did not pick it up.
> However I am not keen on changing the source code as that complicates
> matters when you upgrade and someone might forget to change the source
> code again or not read the documentation
> After a bit of googling I thought I would give RequestHeader a go and
> wrote the following:
> RequestHeader append HTTP_X_FORWARDED_FOR "%{x-forwarded-for}e"
> However the forum software does not pick this up and nor do I see the
> value in my log file:
> LogFormat "xforwarded:%{x-forwarded-for}i
> rlnclient:%{rlnclientipaddr}i   forumsoftware:%{HTTP_X_FORWARDED_FOR}i
> vanilla: %h" gg2
> This is a typical log entry:
> xforwarded:   rlnclient:
> forumsoftware:(null)   vanilla:
> Am I using request header wrong or doing something else stupid?

Sounds like you're almost there. For testing you might add a <?  
phpinfo(); ?> call somewhere on a testing page and review the output.  
The right PHP variable would show up, and also an environment variable  
if there is one.

I'm not sure that in
   RequestHeader append HTTP_X_FORWARDED_FOR "%{x-forwarded-for}e"
the x-forwarded-for should be in lower case. The PHP-info page would  
show the exact spelling. Also, in the logline you have
(which seems to work) while in the RequestHeader directive you have
(which doesn't seem to work). This indicates that the value is  
available as a HTTP header value, but not as an environment variable.  
So all in all, in the RequestHeader directive you're probably  
addressing a non-existent environment variable, to create an HTTP  
header -- while you have an (albeit differently named) HTTP header to  
start with.

I couldn't reproduce your situation, but hope that there are some  
useful pointers above. Usually with PHP I just try the phpinfo() call  
to see what exactly is available, and then I go from there.  Off the  
top of my head, there might be a variable _SERVER["X-Forwarded-For"]  
readily available for you.

- --
Best regards / met vriendelijke groet, Karel Kubat

Version: GnuPG v1.4.9 (Darwin)


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message