Re: problem with forwardfor option

From: Dima Brodsky <dima#worio.com>
Date: Wed, 21 Jan 2009 14:40:25 -0800


I am telling mod_rpaf to look at both the local and the assigned IP. I am also seeing it being rewritten about 50% of the time, but a lot of the time I still see the proxy's IP. Question: this setup is running on Amazon's EC2 ... does anybody know if there is any sort of special config that needs to be done? In the http logs I am printing %h and %{X-Forwarded-For}i

Yes, mod_rpaf is at the end of the module list, should it be closer to the top? I am new to apache config, so I gather modules are processed in reverse order they are listed in the config file?

Thanks!
Dima

On 21-Jan-09, at 1:43 PM, Patrick Viet wrote:

> Hi,
>
> HAProxy only adds the X-Forwarded-For at the beginning of the
> connection.
> This is because it doesn't do any other processing on the next
> requests.
>
> With mod_rpaf everything is working perfectly for me. It has been for
> several months in a professional hosting environment with several
> top100 French websites.
>
> Did you load mod_rpaf completely at the end of the module list? That
> way it would be processed first.
> It may be some kind of config issue. Did you allow the right IP
> address? For example if you call on localhost something on an IP
> address, Linux would bind that address and not 127.0.0.1. You might
> want to check this out.
>
> Patrick
>
> On Wed, Jan 21, 2009 at 8:13 PM, Dima Brodsky <dima#worio.com> wrote:
>> Sure. The original problem with haproxy, apache, and keep-alive was that I
>> was seeing the proxy's IP at the apache server. I.e. HAProxy would not add
>> the X-Forwarded-For header for keep-alive connections.
>> With mod_rpaf the host is changed to the X-Forwarded-For IP as advertised,
>> but for keep-alive connections I still see the IP being that of the proxy
>> rather than the original client IP.
>>
>>
>> On 21-Jan-09, at 11:00 AM, David Rorex wrote:
>>
>> Hi,
>>
>> I'm looking at using mod_rpaf myself, but I'm worried when you say things
>> still seem to be broken. Could you elaborate on what exactly is going wrong?
>>
>> Thanks,
>> David R
>>
>> On Wed, Jan 21, 2009 at 10:52 AM, Dima Brodsky <dima#worio.com> wrote:
>>>
>>> Thanks Patrick,
>>>
>>> I read the post and tried mod_rpaf version 0.6. I got mixed results.
>>> Although it set the host correctly, things still seemed to be broken when
>>> keep-alive was used. Not sure if this is a config issue or not, but
>>> currently because I am running this in a test environment both the proxy and
>>> apache are on the same machine. HAProxy is on port 80 and apache is on port
>>> 8080.
>>>
>>> Thanks for your help!
>>> ttyl
>>> Dima
>>>
>>> On 20-Jan-09, at 5:34 PM, Patrick Viet wrote:
>>>
>>>> On Wed, Jan 21, 2009 at 12:58 AM, Dima Brodsky <dima#worio.com> wrote:
>>>>
>>>>> I am running haproxy (HA-Proxy version 1.3.15.7 2008/12/04) and I am
>>>>> having problems with the forwardfor option.
>>>>
>>>> Hi
>>>>
>>>> Please read my answer a couple days ago.
>>>> http://www.formilux.org/archives/haproxy/0901/1678.html
>>>>
>>>> Willy you might want to add that to the HAProxy FAQ if there is one.
>>>> Or at least somewhere in the documentation.
>>>>
>>>> Regards,
>>>>
>>>> --
>>>> Patrick Viet
>>>>
>>>
>>> --
>>> dima@worio.com http://www.cs.ubc.ca/~dima
>>>
>>> "The price of reliability is the pursuit of the utmost simplicity.
>>> It is a price which the very rich find the most hard to pay."
>>>
>>> (Sir Antony Hoare, 1980)
>>
>> --
>> dima@worio.com http://www.cs.ubc.ca/~dima
>> "The price of reliability is the pursuit of the utmost simplicity.
>> It is a price which the very rich find the most hard to pay."
>>
>> (Sir Antony Hoare, 1980)
>

--
dima@worio.com                               http://www.cs.ubc.ca/~dima

"The price of reliability is the pursuit of the utmost simplicity.
It is a price which the very rich find the most hard to pay."
                                                                      
(Sir Antony Hoare, 1980)
Received on 2009/01/21 23:40
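
Added example (not part of the thread and not code from HAProxy or mod_rpaf): a Python check over an access log that prints %h and %{X-Forwarded-For}i, separating requests where the header never reached Apache from requests where it arrived but the address was still the proxy's. The LogFormat, the proxy addresses and the log lines are constructed assumptions.

```python
import re
from collections import Counter

# Assumed LogFormat for this example: "%h %{X-Forwarded-For}i \"%r\""
LINE_RE = re.compile(r'^(?P<host>\S+) (?P<xff>.*?) "(?P<request>.*)"$')

# Constructed: addresses the proxy may connect from (loopback and assigned IP).
PROXY_IPS = {"127.0.0.1", "10.0.0.5"}

# Constructed sample log lines, not taken from the thread.
SAMPLE_LOG = """\
203.0.113.7 203.0.113.7 "GET / HTTP/1.1"
127.0.0.1 - "GET /style.css HTTP/1.1"
127.0.0.1 - "GET /logo.png HTTP/1.1"
10.0.0.5 198.51.100.9 "GET / HTTP/1.1"
198.51.100.9 198.51.100.9 "GET /a HTTP/1.1"
"""


def classify(host, xff, proxy_ips):
    """Label one request by what %h and X-Forwarded-For show."""
    if host not in proxy_ips:
        # %h is not a proxy address: the client address was logged.
        return "client_ip_logged"
    if xff == "-":
        # No header arrived, so there was nothing for Apache to rewrite from.
        # Matches the proxy adding the header only on a connection's first request.
        return "proxy_ip_no_header"
    # Header arrived but %h is still the proxy: look at the Apache side
    # (for example, which proxy addresses the rewriting module trusts).
    return "proxy_ip_header_ignored"


def summarize(log_text, proxy_ips):
    """Count requests per label; lines that do not match are 'unparsed'."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            counts["unparsed"] += 1
            continue
        counts[classify(m["host"], m["xff"].strip(), proxy_ips)] += 1
    return counts


if __name__ == "__main__":
    for label, n in sorted(summarize(SAMPLE_LOG, PROXY_IPS).items()):
        print(f"{label}: {n}")
```

A high `proxy_ip_no_header` count points at the proxy side of the setup, while `proxy_ip_header_ignored` points at the Apache module configuration.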

This archive was generated by hypermail 2.2.0 : 2009/01/21 23:45 CET