perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Moseley" <moseleym...@gmail.com>
Subject Settings $r->connection->remote_ip doesn't change $r->connection->remote_addr
Date Thu, 18 Dec 2008 18:56:11 GMT
I've been banging my head against a wall about a particular issue, but
I'm at something of a loss.

I've got a reverse proxy setup in front of apache (2.2.10 with mp
2.0.4) and setting $r->connection->remote_ip based on a header I add
on the reverse proxy. All that is working ok. The bit that I'm
perplexed about is that when I call $r->connection->remote_ip( $new_ip
), the corresponding ip in $r->connection->remote_addr (i.e. what's
returned by "APR::SockAddr::ip_get") is still set to the original IP.
I've verified on my existing Apache1 boxes that when I call
$r->connection->remote_ip( $new_ip ), the remote_addr structure is
getting set. I've been doing this reverse proxying with apache1 for
quite a while and haven't seen this come up ever.


Here's a line of code and the resulting error_log excerpt from apache2
where the remote IP that I'm setting is 1.1.1.1 but the real address
of the reverse proxy is 192.168.1.33:

$r->log_error( "[$$] [postread] remote_ip is now " .
$r->connection->remote_ip() . ", socket: " .
$r->connection->remote_addr->ip_get );

[Thu Dec 18 12:16:10 2008] [error] [6938] [postread] remote_ip is now
1.1.1.1, socket: 192.168.1.33


Here's the same from apache1 with all the extra stuff to deal with the
packed sockaddr:

my $remote_addr = $r->connection->remote_addr;
my ( $remote_addr_port, $remote_addr_ip ) = sockaddr_in( $remote_addr );
$remote_addr_ip = inet_ntoa( $remote_addr_ip );
$r->log_error( "[$$] [postread] remote_ip is now " .
$r->connection->remote_ip() . ", socket: $remote_addr_ip" );

[Thu Dec 18 13:14:50 2008] [error] [7179] [postread] remote_ip is now
1.1.1.1, socket: 1.1.1.1


The significance is that if you do IP-based allow/deny in your apache
conf and/or .htaccess via mod_authz_host, it seems to be using the
remote_addr structure, so if I set, e.g., "Deny from 1.1.1.1" on
apache2, it doesn't actually deny it but setting it to "Deny from
192.168.1.33" or "Deny from 192.168." denies it. On apache1, it's
correctly denying based on the address I'm setting with
$r->connection->remote_ip( $new_ip ).

I've also verified that the same thing happens on a stock Debian Etch
apache2+mp (2.2.8 + mp 2.0.3), so it's not limited to apache 2.2.10 or
mp 2.0.4.

Am I doing something very wrong? I don't see that the
Apache2::Connection API has changed with regards to remote_ip() and
this same setup worked just fine in apache1. How are other people
doing this with apache2/mp2?

Mime
View raw message