RE: Passing remote client IP address to backend server and session stickness

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi, Haroon

I read http://en.wikipedia.org/wiki/X-Forwarded-For yesterday and I did not see Apache listed there. I saw squid, bluecoat, etc. listed there so I was thinking to test squid with the feature. What is your suggestion? Thanks.

Ryan

-----Original Message-----
From: Haroon Rafique [mailto:haroon.rafique@xxxxxxxxxxx] 
Sent: Tuesday, December 01, 2009 10:23 AM
To: users@xxxxxxxxxxxxxxxx
Subject: RE:  Passing remote client IP address to backend server and session stickness

On Today at 10:09am, RJ=>Ruiyuan Jiang <Ruiyuan_Jiang@xxxxxxx> wrote:

RJ> Hi, Haroon
RJ> 
RJ> I see that also but I don't know how to use them. I put the statement 
RJ> into my vhost of Apache reverse proxy and the apache complaining they 
RJ> are wrong statement, etc.
RJ> 

Hi Ryan,

X-Forwarded-For is not a statement that goes inside the httpd.conf. The 
documentation page is just telling you that these headers are already 
available to you, if you are using reverse-proxy.

RJ> 
RJ> <virtualhost>
RJ> 
RJ> ...
RJ> Proxyrequst off
RJ> .....
RJ> X-Forwarded-For
RJ> ....
RJ> </virtualhost>
RJ> 

So, don't put the X-Forwarded-For statement there.

RJ> 
RJ> Is above the correct way to use it? I am not much care about the 
RJ> remote IP being logged in the Apache log but I am care about the 
RJ> remote client IP being forwarded to the backend server since our 
RJ> backend server will decide what to do based on the remote client IP. 
RJ> Thanks.
RJ> 

For the backend server to be able to "see" the remote client IP, as if it 
was the real client IP, your application will have to be aware of the 
X-Forwarded-For. Depending on what technology you are using on the 
backend, the answer may be different about how to make your backend be 
aware of X-Forwarded-For header. Regardless of the technology, you 
probably should read up on the XFF entry at wikipedia:
http://en.wikipedia.org/wiki/X-Forwarded-For
And again, regardless of the tech, the HTTP request will contain the 
X-Forwarded-For header. On my java projects, I use xebia-france 
XForwardedFilter at:
http://code.google.com/p/xebia-france/wiki/XForwardedFilter

YMMV,

RJ> 
RJ> Ryan
RJ> 

Cheers,
--
Haroon Rafique
<haroon.rafique@xxxxxxxxxxx>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended 
recipient, please notify the sender immediately by 
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux