Re: RequesHeader directive not adding directive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, 2009-02-09 at 17:24 +0000, Gerhardus.Geldenhuis@xxxxxxxxxxxxxx
wrote:
> Hi
> We have a forum site that is behind a load balancer and the site relies
> on ip addresses to detect failed logins. This does not work because the
> loadbalancer changes the source ip address to that of itself.
> 
> our load balancer(f5) adds the original ip as x-forwarded-for http
> header.
> 
> However the third party software that we use don't pick up this header. 
> 
> Here is the relevant line(I think anyway, the function is called
> fetch_alt_ip) from the software:
> else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND
> preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s',
> $_SERVER['HTTP_X_FORWARDED_FOR'], $matches))
> 
> Sidenote:
> If I have to change the code the following works by editing the fetch_ip
> function from:
> return $_SERVER['REMOTE_ADDR'];
> to 
> return (getenv(HTTP_X_FORWARDED_FOR))
> ? getenv(HTTP_X_FORWARDED_FOR)
> : getenv(REMOTE_ADDR);
> 
> I have changed the HTTP_X_FORWARDED_FOR to x-forwarded-for in lower and
> upper case but the software still did not pick it up.
> 
> However I am not keen on changing the source code as that complicates
> matters when you upgrade and someone might forget to change the source
> code again or not read the documentation
> 
> After a bit of googling I thought I would give RequestHeader a go and
> wrote the following:
> 
> RequestHeader append HTTP_X_FORWARDED_FOR "%{x-forwarded-for}e"
> 
> However the forum software does not pick this up and nor do I see the
> value in my log file:
> LogFormat "xforwarded:%{x-forwarded-for}i
> rlnclient:%{rlnclientipaddr}i   forumsoftware:%{HTTP_X_FORWARDED_FOR}i
> vanilla: %h" gg2
> 
> This is a typical log entry:
> xforwarded:10.241.115.240   rlnclient:10.241.115.240
> forumsoftware:(null)   vanilla: 10.200.11.43
> 
> Am I using request header wrong or doing something else stupid?
> 
> Regards
> 

I dont know about your RequestHeader issue, but for I suggest you add
mod_rpaf[1] to your application server, it pulls the X-Forwarded-For
header from incoming requests and updates the remote IP address in the
request object within apache, such that things like this 'just work'.

Cheers

Tom

[1] http://stderr.net/apache/rpaf/


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux