On Mon, Jan 31, 2011 at 12:50 PM, J.Lance Wilkinson <jlw12@xxxxxxxxxxxxxxx> wrote: > I've got a set of identical webservers, all Apache 2.2.6, with > configurations > such that authorized IP addresses are allowed access to locations handled by > the server-info and server-status handlers. > > These work fine when visiting the individual servers. > > Now I put a load balancer in front of them all, and incorporate the > mod_remoteip module into them to accept the load balancer inserted > X-Forwarded-For header as the actual requesting IP address. > > Users from acceptable IP addresses coming in through the load balancer get > either a 404, a 403 or a blank page (and the error log shows an aborting > child > process in that case). > > If there's a basic incompatibility between these handlers and mod_remoteip, > like for example, maybe they do their thing BEFORE mod_remoteip appears in > the > processing stack, I'll accept that. Â After all, the main reason I want to > do > it from the load balancer is to just see which server is being handed any > arbitrary request; it's a trivial thing. > > But if it SHOULD be working I'd like to know what I'm doing wrong. > According to the docs on mod_remoteip, it should work as you expect: """ The module replaces the apparent remote (client) IP/hostname for the request with the IP address reported in the request header configured with the RemoteIPHeader directive. Once replaced as instructed, this apparent IP address is then used for mod_authz_host features <Require host> and <Require ip>, is reported by mod_status, and is recorded by mod_log_config %a and %h directives. It also determines the machine probed for an inetd identity by mod_ident based on the IdentityCheck configuration. """ What IP addresses are logged in the access logs on the backend? If they aren't showing the client IP address, rather than the proxy IP address, then mod_remoteip is not in use or incorrectly configured. Cheers Tom --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|