Re: problem with forwardfor option

From: Dima Brodsky <dima#worio.com>
Date: Wed, 21 Jan 2009 17:21:02 -0800


Hmmm ... But what I am seeing in the logs is the following:

without mod_rpaf in the logs I see:

%{X-Forwarded-For}i == 'client ip'

%h                                 == 'proxy ip'

and with keep-live I see:

%{X-Forwarded-For}i == empty

%h                                 == 'proxy ip'


with mod_rpaf I see:

%{X-Forwarded-For}i == 'client ip'

%h                                 == 'client ip'

and with keep-live I see:

%{X-Forwarded-For}i == empty

%h                                 == 'proxy ip'

so even with mod_rpaf I still see the proxy ip with %h when keep-alive is used, and my application see the proxy ip :(

On 21-Jan-09, at 5:03 PM, Patrick Viet wrote:

> On Wed, Jan 21, 2009 at 11:40 PM, Dima Brodsky <dima#worio.com> wrote:
>> I am telling mod_rpaf to look at both the local and the assigned
>> IP. I am
>> also seeing it being re-writtent about 50% of the time, but a lot
>> of the
>> times I still see the poxy's IP. Question, this setup is running on
>> Amazon's EC2 ... does anybody know if there is any sort of special
>> config
>> that needs to be done? In the http logs I am printing %h and
>> %{X-Forwarded-For}i
>
> Hi,
>
> OK I get it now. You are *NOT* supposed to get a X-Forwarded-for the
> second time : you actually do not get it ! Just ignore the existence
> of it in your apache config. Log with normal log parameters...
> mod_rpaf replaces remote ip (%h) variable for apache and whatever is
> running in it (mod_php and so on).
>
>> Yes, mod_rpaf is at the end of the module list, should it be closer
>> to the
>> top? I am new to apache config, so I gather modules are processed in
>> reverse order they are listed in the config file?
>
> Yes.
>
> --
> Patrick Viet
>

--
dima@worio.com                               http://www.cs.ubc.ca/~dima

"The price of reliability is the pursuit of the utmost simplicity.
It is a price which the very rich find the most hard to pay."
                                                                      
(Sir Antony Hoare, 1980)
Received on 2009/01/22 02:21

This archive was generated by hypermail 2.2.0 : 2009/01/22 02:30 CET