Hi,

On Feb 9, 2009, at 6:24 PM, <Gerhardus.Geldenhuis@xxxxxxxxxxxxxx> wrote:
> We have a forum site that is behind a load balancer and the site relies on ip addresses to detect failed logins. This does not work because the load balancer changes the source ip address to that of itself. Our load balancer (f5) adds the original ip as x-forwarded-for http header. However the third party software that we use doesn't pick up this header.
>
> Here is the relevant line (I think anyway, the function is called fetch_alt_ip) from the software:
>
>     else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $matches))
>
> Sidenote: If I have to change the code the following works by editing the fetch_ip function from:
>
>     return $_SERVER['REMOTE_ADDR'];
>
> to
>
>     return (getenv('HTTP_X_FORWARDED_FOR')) ? getenv('HTTP_X_FORWARDED_FOR') : getenv('REMOTE_ADDR');
>
> I have changed the HTTP_X_FORWARDED_FOR to x-forwarded-for in lower and upper case but the software still did not pick it up. However I am not keen on changing the source code as that complicates matters when you upgrade and someone might forget to change the source code again or not read the documentation.
>
> After a bit of googling I thought I would give RequestHeader a go and wrote the following:
>
>     RequestHeader append HTTP_X_FORWARDED_FOR "%{x-forwarded-for}e"
>
> However the forum software does not pick this up, nor do I see the value in my log file:
>
>     LogFormat "xforwarded:%{x-forwarded-for}i rlnclient:%{rlnclientipaddr}i forumsoftware:%{HTTP_X_FORWARDED_FOR}i vanilla: %h" gg2
>
> This is a typical log entry:
>
>     xforwarded:10.241.115.240 rlnclient:10.241.115.240 forumsoftware:(null) vanilla: 10.200.11.43
>
> Am I using request header wrong or doing something else stupid?

Sounds like you're almost there. For testing you might add a <?php phpinfo(); ?> call somewhere on a testing page and review the output. The right PHP variable would show up, and also an environment variable if there is one.

I'm not sure that in

    RequestHeader append HTTP_X_FORWARDED_FOR "%{x-forwarded-for}e"

the x-forwarded-for should be in lower case. The PHP-info page would show the exact spelling. Also, in the logline you have %{x-forwarded-for}i (which seems to work) while in the RequestHeader directive you have %{x-forwarded-for}e (which doesn't seem to work). This indicates that the value is available as an HTTP header value, but not as an environment variable. So all in all, in the RequestHeader directive you're probably addressing a non-existent environment variable, to create an HTTP header -- while you have an (albeit differently named) HTTP header to start with.

I couldn't reproduce your situation, but hope that there are some useful pointers above. Usually with PHP I just try the phpinfo() call to see what exactly is available, and then I go from there. Off the top of my head, there might be a variable _SERVER["X-Forwarded-For"] readily available for you.

-- 
Best regards / met vriendelijke groet,
Karel Kubat

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
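
One way to write the fetch_ip replacement discussed in this thread so that X-Forwarded-For is honoured only when the connection actually comes from the load balancer. This is an added example, not code from the thread or from the forum software; the function name client_ip, the TRUSTED_PROXIES list, and the reading of 10.200.11.43 (the %h value in the posted log line) as the load balancer's address are assumptions.

```php
<?php
// Added example, not the forum software's code. TRUSTED_PROXIES is an assumption:
// 10.200.11.43 is the address logged as %h in the post, taken to be the F5.
const TRUSTED_PROXIES = ['10.200.11.43'];

/**
 * Return the client address to use for failed-login tracking.
 * X-Forwarded-For is honoured only when the TCP peer is a trusted proxy;
 * otherwise any client could pick the address its failures are counted against.
 */
function client_ip(array $server, array $trusted = TRUSTED_PROXIES): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';

    // Direct connection, or no header: the socket address is the only fact we have.
    if ($xff === '' || !in_array($peer, $trusted, true)) {
        return $peer;
    }

    // Proxies append to the list, so read it right to left and stop at the
    // first hop that is not one of ours. Entries to the left of that one
    // were supplied by the client and are not trustworthy.
    $hops = array_reverse(array_map('trim', explode(',', $xff)));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer;            // malformed entry: fall back to the peer
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;
        }
    }
    return $peer;                     // header listed only our own proxies
}

// Constructed requests (addresses reuse those in the log line from the post).
$samples = [
    'via F5'          => ['REMOTE_ADDR' => '10.200.11.43', 'HTTP_X_FORWARDED_FOR' => '10.241.115.240'],
    'spoofed prefix'  => ['REMOTE_ADDR' => '10.200.11.43', 'HTTP_X_FORWARDED_FOR' => '192.0.2.7, 10.241.115.240'],
    'direct + header' => ['REMOTE_ADDR' => '10.241.115.240', 'HTTP_X_FORWARDED_FOR' => '192.0.2.7'],
    'garbage header'  => ['REMOTE_ADDR' => '10.200.11.43', 'HTTP_X_FORWARDED_FOR' => 'unknown'],
];
foreach ($samples as $label => $server) {
    printf("%-16s => %s\n", $label, client_ip($server));
}
```

The unconditional getenv fallback quoted earlier in the thread accepts the header from any peer, which matters here because the address feeds failed-login detection.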