Tom Evans wrote:
According to the docs on mod_remoteip, it should work as you expect: """ The module replaces the apparent remote (client) IP/hostname for the request with the IP address reported in the request header configured with the RemoteIPHeader directive. Once replaced as instructed, this apparent IP address is then used for mod_authz_host features <Require host> and <Require ip>, is reported by mod_status, and is recorded by mod_log_config %a and %h directives. It also determines the machine probed for an inetd identity by mod_ident based on the IdentityCheck configuration. """ What IP addresses are logged in the access logs on the backend? If they aren't showing the client IP address, rather than the proxy IP address, then mod_remoteip is not in use or incorrectly configured.
The actual client IP addresses seem to be showing up for one set of URIs which are IP filtered to a set of permitted ones.
In this particular case, my config file fragment reads:
Alias /artshumanities/audio "/web_extranet_etc/arts/audio"
<Directory "/web_extranet_etc/arts/audio">
Options -Indexes
AllowOverride None
Order deny,allow
Deny from all
Allow from 128.118 146.186 66.71.0.0/16 130.203
</Directory>
I have several <VirtualHost/> blocks, and since this <Directory/> block applies
equally to both my port 80 and my port 443 VirtualHosts, I defined it EXTERNAL
TO BOTH. The same goes for the various <Location/> blocks that I'd noted this
behavior on before.
The RemoteIPHeader and RemoteIPTrustedProxy directives are defined individually in each <VirtualHost/> -- this because we didn't see evidence of it working when we had it outside them.
The log entries read like (wrapped for readability): 146.186.238.23 - - [01/Feb/2011:09:50:22 -0500] "GET /artshumanities/audio/music9.htm HTTP/1.1" 403 27480 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)"I'm wondering now if this issue could have to do more w/ my Order, Deny and Allow directives than with and incompatibility between the mod_remoteip module and the server-info/server-status handlers...
--
J.Lance Wilkinson ("Lance") InterNet: Lance.Wilkinson@xxxxxxx
Systems Design Specialist - Lead Phone: (814) 865-4870
Digital Library Technologies FAX: (814) 863-3560
E3 Paterno Library
Penn State University
University Park, PA 16802
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|