mod_proxy / mod_rewrite: Passing remote IP address to internal server - Apache

This is a discussion on mod_proxy / mod_rewrite: Passing remote IP address to internal server - Apache ; Hi, I do use mod_proxy as a reverse / forward proxy as follows: Inet -> Server (public IP, Apache 2) -> Internal Server (same system, virtual server using Linux vserver - private IP address, Apache 2) Now all the requests ...

+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 11

mod_proxy / mod_rewrite: Passing remote IP address to internal server

  1. Default mod_proxy / mod_rewrite: Passing remote IP address to internal server

    Hi,

    I do use mod_proxy as a reverse / forward proxy as follows:

    Inet -> Server (public IP, Apache 2) -> Internal Server (same system, virtual
    server using Linux vserver - private IP address, Apache 2)

    Now all the requests that are send to the public IP address are forwarded to
    the internal server(s). The problem is that the original IP of the remote
    client is not passed to the internal server so for the internal servers it
    looks like the public server is making all the requests. My question now is:
    How can I pass the remote_addr of the client making the request to the
    internal server using mod_rewrite or mod_proxy? I mean I want the IP not only
    to be logable inside the virtual server (with the private ip) but also I
    would like PHP scripts etc. to correctly get the IP's of the remote clients.

    Any input is greatly appreciated.

    All the best & thanks,
    Werner.

    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org



  2. Default Re: mod_proxy / mod_rewrite: Passing remote IP addressto internal server

    On Wed, 15 Jun 2005, Werner Schalk wrote:
    > I do use mod_proxy as a reverse / forward proxy as follows:
    >
    > Inet -> Server (public IP, Apache 2) -> Internal Server (same system, virtual
    > server using Linux vserver - private IP address, Apache 2)
    >
    > Now all the requests that are send to the public IP address are forwarded to
    > the internal server(s). The problem is that the original IP of the remote
    > client is not passed to the internal server so for the internal servers it
    > looks like the public server is making all the requests. My question now is:
    > How can I pass the remote_addr of the client making the request to the
    > internal server using mod_rewrite or mod_proxy? I mean I want the IP not only
    > to be logable inside the virtual server (with the private ip) but also I
    > would like PHP scripts etc. to correctly get the IP's of the remote clients.


    Have you tried looking at the X-Forwarded-For header? (Appears in CGI
    scripts as HTTP_X_FORWARDED_FOR) This is passed automatically by
    mod_proxy, as far as I know.

    Cheers,

    David Adam
    zanchey@ucc.gu.uwa.edu.au


    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org



  3. Default Re: mod_proxy / mod_rewrite: Passing remote IP address to internal server

    Hi,

    > Have you tried looking at the X-Forwarded-For header? (Appears in CGI
    > scripts as HTTP_X_FORWARDED_FOR) This is passed automatically by
    > mod_proxy, as far as I know.


    yes I know this but all the scripts of my customers are looking for
    REMOTE_ADDR etc. So how can I forward this to my internal servers behind the
    proxy server?

    Thanks and bye,
    Werner.

    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org



  4. Default Re: mod_proxy / mod_rewrite: Passing remote IP addressto internal server

    > > Have you tried looking at the X-Forwarded-For header? (Appears in CGI
    > > scripts as HTTP_X_FORWARDED_FOR) This is passed automatically by
    > > mod_proxy, as far as I know.

    >
    > yes I know this but all the scripts of my customers are looking for
    > REMOTE_ADDR etc. So how can I forward this to my internal servers behind the
    > proxy server?


    Werner,

    (You're probably not going to like this answer - all I can say is that I'm
    sorry, I'm not an Apache developer and I'm not a mod_rewrite guru. Nor do
    I manage more than about fifty users with CGI web pages, and our attitude
    to them is very much 'if it breaks, fix it yourself'.)

    From what I understand of CGI, it is difficult do this. The
    REMOTE_ADDR variable is set on the receiving (internal) server - you'll
    have to override it from there.

    You might want to examine:
    - mod_rewrite on the internal servers - I don't know enough about
    mod_rewrite to be able to tell you if (and how) it can change local CGI
    variables.

    - writing some evil wrapper that rearranges - for example, replacing your
    PERL/Python/whatever executables with a shell script that tests for the
    presence of X_FORWARDED_FOR and replaces REMOTE_ADDR with its contents. Be
    careful with this - X_FORWARDED_FOR does -not- have the same semantics as
    REMOTE_ADDR (see what happens when you pass through two proxy servers, for
    example).

    - sed s/REMOTE_ADDR/HTTP_X_FORWARDED_FOR/g and warning your
    customers! There are bucketloads of examples for detecting and fixing
    proxy headers

    Have a look at the nearest thing to a CGI standard at
    http://cgi-spec.golux.com/draft-coar...-03-clean.html for more
    information on CGI variables.

    The second option above is what someone like me would do :-) (we have no
    qualms about 'evil hacks' here - our version of suexec has to be patched
    every time we upgrade Apache, to give just one example).

    Best of luck,

    David Adam
    zanchey@ucc.gu.uwa.edu.au


    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org



  5. Default mod_disk_cache and local files updating

    I am using apache 2.0.53 with apache 1.3.33 in Perl proxied mode on a
    Linux Mandrake 9.2/ dual Xeon server.
    Apache 2 was compiled as RPM (I backported it from Mandriva 10.2) with
    mod_cache and mod_disk_cache enabled and installed.
    It works fine, but sometimes, for some vhosts, updating (replacing) a
    html file doesn't result in file appearing changed on http access, even
    if this access is performed from the server that hosts the site. If this
    happens and I erase the cache root (/var/cache/httpd in my case)
    contents, the new file is finally seen by apache.

    This only happens on heavy traffic and not for all vhosts on the server;
    it seems that it happens more probably on files edited under Windows
    (but I am not very sure of that, because this behavior seems quite
    random; I can have weeks/months without this happening).

    I don't know very well the site structure on the vhost where the problem
    was reported, it's some user's site, but I don't think the cause would
    be a html error.
    I think the problem is rather related to mod_disk_cache but I don't know
    why it happens. Anybody could give me a clue?
    Thanks
    Florin







    ___________________________________________________________________________
    Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger
    TÚlÚchargez cette version sur http://fr.messenger.yahoo.com


    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org



  6. Default Re: mod_proxy / mod_rewrite: Passing remote IP address to internal server

    On 6/15/05, David Adam <zanchey@ucc.gu.uwa.edu.au> wrote:
    > (You're probably not going to like this answer - all I can say is that I'm
    > sorry, I'm not an Apache developer and I'm not a mod_rewrite guru. Nor do
    > I manage more than about fifty users with CGI web pages, and our attitude
    > to them is very much 'if it breaks, fix it yourself'.)
    >
    > From what I understand of CGI, it is difficult do this. The
    > REMOTE_ADDR variable is set on the receiving (internal) server - you'll
    > have to override it from there.
    >
    > You might want to examine:
    > - mod_rewrite on the internal servers - I don't know enough about
    > mod_rewrite to be able to tell you if (and how) it can change local CGI
    > variables.


    This won't, in general, work. The CGI environment variables are set
    at the last minute before launching CGI scripts and hence can't be
    overriden in the apache configuration.

    >
    > - writing some evil wrapper that rearranges - for example, replacing your
    > PERL/Python/whatever executables with a shell script that tests for the
    > presence of X_FORWARDED_FOR and replaces REMOTE_ADDR with its contents. Be
    > careful with this - X_FORWARDED_FOR does -not- have the same semantics as
    > REMOTE_ADDR (see what happens when you pass through two proxy servers, for
    > example).
    >
    > - sed s/REMOTE_ADDR/HTTP_X_FORWARDED_FOR/g and warning your
    > customers! There are bucketloads of examples for detecting and fixing
    > proxy headers


    Both good suggestions.

    The only other suggestion is to write an apache module that modifies
    the internal apache request structure to replace the address. This
    wouldn't be too difficult (and I think such a module already exists
    for 1.3 but not for 2.1), but you would need to be extremely careful
    not to mess up the security of your server.

    Joshua.

    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org



  7. Default Re: mod_disk_cache and local files updating

    On 6/15/05, Florin Gherendi <florin_gf@yahoo.fr> wrote:
    > I am using apache 2.0.53 with apache 1.3.33 in Perl proxied mode on a
    > Linux Mandrake 9.2/ dual Xeon server.
    > Apache 2 was compiled as RPM (I backported it from Mandriva 10.2) with
    > mod_cache and mod_disk_cache enabled and installed.
    > It works fine, but sometimes, for some vhosts, updating (replacing) a
    > html file doesn't result in file appearing changed on http access, even
    > if this access is performed from the server that hosts the site. If this
    > happens and I erase the cache root (/var/cache/httpd in my case)
    > contents, the new file is finally seen by apache.
    >
    > This only happens on heavy traffic and not for all vhosts on the server;
    > it seems that it happens more probably on files edited under Windows
    > (but I am not very sure of that, because this behavior seems quite
    > random; I can have weeks/months without this happening).
    >
    > I don't know very well the site structure on the vhost where the problem
    > was reported, it's some user's site, but I don't think the cause would
    > be a html error.
    > I think the problem is rather related to mod_disk_cache but I don't know
    > why it happens. Anybody could give me a clue?


    mod_cache/mod_disk_cache use standard HTTP caching rules to determine
    when to check for updates. In general, there is no way for the cache
    to know when a file has been updated. It will only do freshness
    checks according to the information it has in the Cache-control,
    Expires, and Last-Modified headers. So if you want the freshness
    checked more often, you need to modify those headers on the content.

    Joshua.

    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org



  8. Default No services Installed

    I've got Apache running on Windows XP Professional. When I bring it
    up, it says there are no services installed. *sigh* What did I do
    wrong? I modified the config file, but I know I'm missing something.
    HELP? How do I install services so people can see my webpages?

    Dana


    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org



  9. Default Re: No services Installed

    Can you be more specific? Like what exactly do you do when you try to bring
    Apache up?

    You can install apache as a service by typing "apache -k install" at the
    command prompt.

    Did you use the installer to install?

    Check out http://httpd.apache.org/docs/2.0/platform/windows.html

    Cheers,
    Emmanuel


    ----- Original Message -----
    From: "Dana Marshall" <webmaster@danawheels.net>
    To: <users@httpd.apache.org>
    Sent: Saturday, November 12, 2005 1:38 PM
    Subject: [users@httpd] No services Installed


    > I've got Apache running on Windows XP Professional. When I bring it up, it
    > says there are no services installed. *sigh* What did I do wrong? I
    > modified the config file, but I know I'm missing something. HELP? How do I
    > install services so people can see my webpages?
    >
    > Dana
    >
    >
    > ---------------------------------------------------------------------
    > The official User-To-User support forum of the Apache HTTP Server Project.
    > See <URL:http://httpd.apache.org/userslist.html> for more info.
    > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    > " from the digest: users-digest-unsubscribe@httpd.apache.org
    > For additional commands, e-mail: users-help@httpd.apache.org
    >



    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org



  10. Default Re: No services Installed

    I am running Windows XP... when I click on START (as in the icon
    START) for Apache), it brings it up, but when I double click on the
    icon in the system tray, it says there are no services installed.
    Does that help?

    Dana

    At 12:53 AM 11/12/2005, you wrote:
    >Can you be more specific? Like what exactly do you do when you try
    >to bring Apache up?
    >
    >You can install apache as a service by typing "apache -k install" at
    >the command prompt.
    >
    >Did you use the installer to install?
    >
    >Check out http://httpd.apache.org/docs/2.0/platform/windows.html
    >
    >Cheers,
    >Emmanuel
    >
    >
    >----- Original Message ----- From: "Dana Marshall" <webmaster@danawheels.net>
    >To: <users@httpd.apache.org>
    >Sent: Saturday, November 12, 2005 1:38 PM
    >Subject: [users@httpd] No services Installed
    >
    >
    >>I've got Apache running on Windows XP Professional. When I bring it
    >>up, it says there are no services installed. *sigh* What did I do
    >>wrong? I modified the config file, but I know I'm missing
    >>something. HELP? How do I install services so people can see my webpages?
    >>
    >>Dana
    >>
    >>
    >>---------------------------------------------------------------------
    >>The official User-To-User support forum of the Apache HTTP Server Project.
    >>See <URL:http://httpd.apache.org/userslist.html> for more info.
    >>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    >> " from the digest: users-digest-unsubscribe@httpd.apache.org
    >>For additional commands, e-mail: users-help@httpd.apache.org

    >
    >
    >---------------------------------------------------------------------
    >The official User-To-User support forum of the Apache HTTP Server Project.
    >See <URL:http://httpd.apache.org/userslist.html> for more info.
    >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    > " from the digest: users-digest-unsubscribe@httpd.apache.org
    >For additional commands, e-mail: users-help@httpd.apache.org
    >
    >



    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org



+ Reply to Thread
Page 1 of 2 1 2 LastLast