Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EBA8517824 for ; Wed, 1 Oct 2014 18:01:31 +0000 (UTC) Received: (qmail 76624 invoked by uid 500); 1 Oct 2014 18:01:28 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 76588 invoked by uid 500); 1 Oct 2014 18:01:28 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 76578 invoked by uid 99); 1 Oct 2014 18:01:28 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Oct 2014 18:01:28 +0000 X-ASF-Spam-Status: No, hits=0.7 required=5.0 tests=RCVD_IN_DNSWL_NONE,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [206.46.173.23] (HELO vms173023pub.verizon.net) (206.46.173.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Oct 2014 18:01:01 +0000 Received: from Christophers-MacBook-Pro.local ([unknown] [71.178.180.80]) by vms173023.mailsrvcs.net (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009)) with ESMTPA id <0NCS003ZB213S1L1@vms173023.mailsrvcs.net> for users@httpd.apache.org; Wed, 01 Oct 2014 13:00:40 -0500 (CDT) Message-id: <542C4143.6040602@christopherschultz.net> Date: Wed, 01 Oct 2014 14:00:35 -0400 From: Christopher Schultz User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.1.2 MIME-version: 1.0 To: users@httpd.apache.org Content-type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary=bSEj36TAQk8AOXK8WO8Fbw0N4XrrG82VV X-Virus-Checked: Checked by ClamAV on apache.org Subject: [users@httpd] mod_remoteip not setting client's ip with AWS ELB --bSEj36TAQk8AOXK8WO8Fbw0N4XrrG82VV Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable All, I'm trying to get httpd working behind an AWS ELB but still using the remote client's information whenever possible. ELB provides the X-Forwarded-For, X-Forwarded-Port, and X-Forwarded-Proto HTTP headers. My configuration looks like this: RemoteIPHeader X-Forwarded-For #RemoteIPTrustedProxy 10.0.0.0/8 (I commented-out the RemoteIPTrustedProxy line to see if that was the problem, and it does not appear to have changed the behavior). My true client IP address is 71.178.xxx.yyy and I'm making a request through the load balancer. I'm using PHP's "phpinfo()" to dump everything about the request. I can see that the X-Forwarded-For header has been /removed/ from the request (which mod_remoteip says will happen), but I'm still getting the ELB's IP address in my access logs: 10.32.xxx.yyy - - [01/Oct/2014:17:59:27 +0000] "GET /info.php HTTP/1.1" 200 72810 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0" I have definitely restarted httpd and mod_remoteip is definitely enabled (no errors on start, X-Forwarded-For header is being removed from the headers). Am I missing something in my configuration? Thanks, -chris --bSEj36TAQk8AOXK8WO8Fbw0N4XrrG82VV Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJULEFHAAoJEBzwKT+lPKRYnTUP/30WiD3u/GllUhE0YWwX3rlT 4xrZaksmSIhZ5ANMx2Nd1kfDuOXWTx4wR2+Hi2I/zSl2494Mgv1LY2MK7R9SqAz4 rOcJMMZHhiYbvHLfMqjNCbxOfCie2hU1xhrwBDdIh8sDPjq2zV8a/3Td0/ouFS3y Y+oFr+qe7mpBlkCQ+p6z4Wr1Iu2Lg0zcqXiRkt63sY/n9vPIGfgzzQXs4aI+x47N r1AUjK+6YfEGeHHwK1zwRpxLbezElxvNkoNE3ax2lQSHTT2UaJDgAOhnfzyt82LD 5801NSsGCQaGa7gIfwseciYNP8+I94AQnsoH/9CmjGHUSO9reLGi/+I4ohBgthV5 3YbP8zLYzIau3ed4lMBMthSl82EcVma9xqxPbTnYzG8Vuq5t3aBRU1rWDX5ZJbvA uUn6liAh4n4o9nLUZqKY1CrenB8DVM/Xd5NNdqtNop+zncX4kLMIX/B4CxpW/8Xz 3TPnJ1mT6XqHDr2+YBnj7Fsn/TnhZD7CfaqncshFbPcKq22zXP2ccn9e7RDvhr57 UkVll6gzTPgR0gv9newm93FGKFU3nTsTMWsCkPQO+dKLmLJrO7NQctDfK9DT5THc U8urrO/ZUzc/20jhRa2pjeVuO/rAWD6QIUPH2wljK9UOdvtj41rhWVgUd+oyE6ZY zPVVNVHCL3BUP8W8Lt8g =leTS -----END PGP SIGNATURE----- --bSEj36TAQk8AOXK8WO8Fbw0N4XrrG82VV--