httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <wr...@rowe-clan.net>
Subject Re: [users@httpd] Adding module to Apache-httpd
Date Tue, 01 Dec 2009 01:38:56 GMT
Ruiyuan Jiang wrote:
> I compiled remoteip module and loaded it without problem.
> In one of my virtualhost of Apache reverse proxy, I added and tested:
> 
> RemoteIPHeader X-Client-IP
> Or
> RemoteIPHeader X-Forwarded-For
> 
> Or both
> 
> I don't see the remote client IP is being forwarded to the backend server from Apache
as it supposed to be. Does anyone know why or what I did wrong? Thanks.

There is the %{Header-Name}i syntax of the custom log, so you could easily
verify which header is actually in use.  X-Forwarded-For is the usual 'public'
method, but nobody promises you'll have such information assigned.  The other
example would entirely depend on your load balancer/router which picks up the
requests and has redispatched them.  Usually such devices will *not* share any
info over the web, but replace that particular header unilaterally.

Also note the module will only set the IP address as 'authentic' when the remote
machine is trusted, see

http://httpd.apache.org/docs/trunk/mod/mod_remoteip.html#remoteipinternalproxy

and the commentary at the top of that page.

[I'm thinking about a RemoteIPTrustedHeader directive that wouldn't deal with
that scrutiny, but I'm a bit hesitant.  You know your own IP's of your own
infrastructure to trust such proxies, right?]

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message