Re: [users@httpd] mod_proxy / mod_rewrite: Passing remote IP address to internal server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> > Have you tried looking at the X-Forwarded-For header? (Appears in CGI
> > scripts as HTTP_X_FORWARDED_FOR) This is passed automatically by
> > mod_proxy, as far as I know.
>
> yes I know this but all the scripts of my customers are looking for
> REMOTE_ADDR etc. So how can I forward this to my internal servers behind the
> proxy server?

Werner,

(You're probably not going to like this answer - all I can say is that I'm
sorry, I'm not an Apache developer and I'm not a mod_rewrite guru. Nor do
I manage more than about fifty users with CGI web pages, and our attitude
to them is very much 'if it breaks, fix it yourself'.)

>From what I understand of CGI, it is difficult do this. The
REMOTE_ADDR variable is set on the receiving (internal) server - you'll
have to override it from there.

You might want to examine:
- mod_rewrite on the internal servers - I don't know enough about
mod_rewrite to be able to tell you if (and how) it can change local CGI
variables.

- writing some evil wrapper that rearranges - for example, replacing your
PERL/Python/whatever executables with a shell script that tests for the
presence of X_FORWARDED_FOR and replaces REMOTE_ADDR with its contents. Be
careful with this - X_FORWARDED_FOR does -not- have the same semantics as
REMOTE_ADDR (see what happens when you pass through two proxy servers, for
example).

- sed s/REMOTE_ADDR/HTTP_X_FORWARDED_FOR/g and warning your
customers! There are bucketloads of examples for detecting and fixing
proxy headers

Have a look at the nearest thing to a CGI standard at
http://cgi-spec.golux.com/draft-coar-cgi-v11-03-clean.html for more
information on CGI variables.

The second option above is what someone like me would do :-) (we have no
qualms about 'evil hacks' here - our version of suexec has to be patched
every time we upgrade Apache, to give just one example).

Best of luck,

David Adam
zanchey@xxxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux