On 23.05.08 21:12, howard chen wrote: > This is my current setup in using squid3 as reverse proxy in front of > apache: > > browser (e.g. 202.182.201.3) <----> squid3 stable6 <----> apache 1.3.37 > (PHP) > > My PHP will get the user IP by HTTP_X_FORWARDED_FOR pass by squid. > > Now the problem is: > > 1. if user send a request already contains header of > "X_FORWARDED_FOR", Apache will ignore the value set by Squid and will > use the client one, > so my program will be cheated by the client as the IP can be any > specified by client. the squid will modify x-forwarded-for and add its own IP to it, so apache and scripts will get list of all IPs there. You can always configure your script only to trust your squid when resolving x-forwarded-for or configure squid to throw that header received from client. Squid has nice X-Forwarded-For processing and trusted path configuration - look at its config to see how it does that. You can to it the same way. > This only occur in Apache 1.x but not Apache 2.x wow -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The early bird may get the worm, but the second mouse gets the cheese. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx