Re: RequesHeader directive not adding directive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

On Feb 9, 2009, at 6:24 PM, <Gerhardus.Geldenhuis@xxxxxxxxxxxxxx> <Gerhardus.Geldenhuis@xxxxxxxxxxxxxx > wrote:

We have a forum site that is behind a load balancer and the site relies on ip addresses to detect failed logins. This does not work because the
loadbalancer changes the source ip address to that of itself.

our load balancer(f5) adds the original ip as x-forwarded-for http
header.

However the third party software that we use don't pick up this header.

Here is the relevant line(I think anyway, the function is called
fetch_alt_ip) from the software:
else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND
preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s',
$_SERVER['HTTP_X_FORWARDED_FOR'], $matches))

Sidenote:
If I have to change the code the following works by editing the fetch_ip
function from:
return $_SERVER['REMOTE_ADDR'];
to
return (getenv(HTTP_X_FORWARDED_FOR))
? getenv(HTTP_X_FORWARDED_FOR)
: getenv(REMOTE_ADDR);

I have changed the HTTP_X_FORWARDED_FOR to x-forwarded-for in lower and
upper case but the software still did not pick it up.

However I am not keen on changing the source code as that complicates
matters when you upgrade and someone might forget to change the source
code again or not read the documentation

After a bit of googling I thought I would give RequestHeader a go and
wrote the following:

RequestHeader append HTTP_X_FORWARDED_FOR "%{x-forwarded-for}e"

However the forum software does not pick this up and nor do I see the
value in my log file:
LogFormat "xforwarded:%{x-forwarded-for}i
rlnclient:%{rlnclientipaddr}i   forumsoftware:%{HTTP_X_FORWARDED_FOR}i
vanilla: %h" gg2

This is a typical log entry:
xforwarded:10.241.115.240   rlnclient:10.241.115.240
forumsoftware:(null)   vanilla: 10.200.11.43

Am I using request header wrong or doing something else stupid?

Sounds like you're almost there. For testing you might add a <? phpinfo(); ?> call somewhere on a testing page and review the output. The right PHP variable would show up, and also an environment variable if there is one.

I'm not sure that in
  RequestHeader append HTTP_X_FORWARDED_FOR "%{x-forwarded-for}e"
the x-forwarded-for should be in lower case. The PHP-info page would show the exact spelling. Also, in the logline you have
  %{x-forwarded-for}i
(which seems to work) while in the RequestHeader directive you have
  %{x-forwarded-for}e
(which doesn't seem to work). This indicates that the value is available as a HTTP header value, but not as an environment variable. So all in all, in the RequestHeader directive you're probably addressing a non-existent environment variable, to create an HTTP header -- while you have an (albeit differently named) HTTP header to start with.

I couldn't reproduce your situation, but hope that there are some useful pointers above. Usually with PHP I just try the phpinfo() call to see what exactly is available, and then I go from there. Off the top of my head, there might be a variable _SERVER["X-Forwarded-For"] readily available for you.

- --
Best regards / met vriendelijke groet, Karel Kubat



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAkmQtkcACgkQ23FrzRzybNUZwgCgqMAVx/Hh6Q5zsL2t6kER3O/0
kFYAoNiWNjDaJ18Dp7x94XNst6sXDTZ+
=gN04
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux