Posted to dev@httpd.apache.org by Brian Behlendorf <br...@organic.com> on 1996/11/25 23:23:45 UTC

Re: WWW Form Bug Report: "Original Host not seen via Squid proxy server" on SunOS 4.x (fwd)

This is the resolution of this bug report.  I told him that this was not a
patch we'd necessarily consider working on, but since he had source it would
not be hard to do.  I also pointed him towards the config logging stuff.

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  www.apache.org  hyperreal.com  http://www.organic.com/JOBS

---------- Forwarded message ----------
Date: Fri, 15 Nov 1996 09:52:40 +0800
From: Greg Hitchen <g....@per.dem.csiro.au>
To: Brian Behlendorf <br...@organic.com>
Subject: Re: WWW Form Bug Report: "Original Host not seen via Squid  proxy server" on SunOS 4.x (fwd)

At 11:55 PM 13/11/96 -0800, you wrote:
>> > > From: g.hitchen@per.dem.csiro.au
>> > > To: apache-bugs%apache.org@organic.com
>> > > Date: Tue Nov 12 20:03:13 1996
>> > > Subject: WWW Form Bug Report: "Original Host not seen via Squid proxy server" on SunOS 4.x
>> > > Submitter: g.hitchen@per.dem.csiro.au
>> > > Operating system: SunOS 4.x, version: 
>> > > Version of Apache Used: 1.1.1
>> > > Extra Modules used: 
>> > > URL exhibiting problem: 
>> > > 
>> > > Symptoms:
>> > > --
>> > > Requests seen as coming from the Squid proxy 
>> > > machine, NOT the originating host.
>> > > 
>> > > Was OK with NCSA httpd.
>> > > 
>> > > I've been told this requires a mod to Apache.
>> > > If so is support for this planned in a future
>> > > release?
>
>I'm not sure what you mean by "seen as coming from" - if you mean in the web
>logs or the CGI environment variables, yes, the server can only see those
>accesses as accesses from the proxy - there's no way it can see the IP address
>of the host behind the proxy.  But you say it works with NCSA, so I'm confused.
>Could you clarify?  Thanks.
>
>	Brian
>
>--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
>brian@organic.com  www.apache.org  hyperreal.com  http://www.organic.com/JOBS
>
>
>

OK, following are excerpts from the access_log file. Firstly when using the
NCSA httpd and secondly using Apache 1.1.1

****************  NCSA Log File  ********************************************

patrickc.per.dem.CSIRO.AU,yagan.floreat.csiro.au - - [29/Jul/1996:10:10:21 +080
] "GET / HTTP/1.0" 200 2572
patrickc.per.dem.CSIRO.AU,yagan.floreat.csiro.au - - [29/Jul/1996:10:10:22 +080
] "GET /gifs/logork2.gif HTTP/1.0" 200 20722
patrickc.per.dem.CSIRO.AU,yagan.floreat.csiro.au - - [29/Jul/1996:10:10:22 +080
] "GET /icons/balls/blueball.gif HTTP/1.0" 200 326

****************  Apache Log File  ******************************************

yagan.floreat.csiro.au - - [04/Nov/1996:07:05:56 +0800] "GET / HTTP/1.0" 304 -
yagan.floreat.csiro.au - - [04/Nov/1996:07:05:58 +0800] "GET /cgi-bin/Count.cgi
dd=B|df=dem.dat&ft=0 HTTP/1.0" 200 2015
yagan.floreat.csiro.au - - [04/Nov/1996:07:05:59 +0800] "GET /icons/back.xbm HT
P/1.0" 304 -
yagan.floreat.csiro.au - - [04/Nov/1996:07:06:02 +0800] "GET /unrestricted/usag
/mineprod/index.html HTTP/1.0" 200 4061

******************************************************************************


In each instance the proxy server on site here is yagan.floreat.csiro.au

In the first example the originating host, as well as the proxy host appears
in the log file.


OK Brian, I passed on the info to our Organization's Web guru and this is how
he responded. I guess this means we need to modify the code ourselves?

>Date: Fri, 15 Nov 1996 11:03:50 +1100 (EST)
>From: Kent Fitch <Ke...@its.csiro.au>
>X-Sender: fit106@commsun
>To: Greg Hitchen <g....@per.dem.csiro.au>
>Subject: Re: WWW Form Bug Report: "Original Host not seen via Squid  proxy server" on SunOS 4.x (fwd)
>
>Hi Greg,
>
>We modified the CERN proxy/cache to pass on the IP address of the
>client to the server in a special HTTP header using the "Pragma" keyword.
>A few months after we did this, a "standard" became used by the Harvest
>(now squid) cache (I think they use the "referer" header).  We modified
>the source for ncsa 1.3 and later, 1.5a to recognize both these headers,
>and read from the config file the names of trusted caches.  If a request
>is forwarded from a trusted cache *AND* it has one of these headers, the
>NCSA HTTP code was changed to use the client address passed up thru the
>cache rather than the cache's address when doing access checking based on
>address (and the IP addr/name passed to CGI scripts).
>
>That is why you are seeing the 2 host names separated by a comma in your
>NCSA access log - we log both the client and the cache (if there are more
>than 1 caches in the chain, we log them all, and they all must be in the
>trusted cache list defined to NCSA)
>
>Hope this helps,
>
>
>Kent Fitch                           Ph: +61 6 276 6711
>ITSB   CSIRO  Canberra  Australia    kent.fitch@its.csiro.au
>"sonic klein man its me my shape burnt in the sky its me the memorie of me
>racing thru the eye of the mer thru the eye of the sea thru the arm of the
>needle merging and jacking new filaments new risks etched forever in a cold
>system of wax..horses groping for a sign for a breath...
>charms. sweet angels - you have made me no longer afraid of death"
>		- Patti Smith/Horses
>
 -----------------------------------------------------------------------
| Greg Hitchen (Electron Beam Lab.) | email: g.hitchen@per.dem.csiro.au |
| CSIRO Exploration and Mining      | fax:   +61 9 387 8642             |
| Private Bag, P.O. Wembley         | phone: +61 9 387 0349             |
| WA 6014 Australia                 |                                   |
 -----------------------------------------------------------------------
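
The trusted-cache rule Kent Fitch describes above, sketched as an added example that is not part of the original thread and is not NCSA or Apache code. The function name, the trusted list and the header value format ("client[,cache1,...]") are assumptions made for illustration; only the proxy and client host names come from the log excerpts.

```python
# Added illustration; names and header format are assumptions, not NCSA/Apache code.
TRUSTED_CACHES = {"yagan.floreat.csiro.au"}  # proxy name taken from the thread


def resolve_client(peer, forwarded, trusted=TRUSTED_CACHES):
    """Return (effective_client, log_host_field) for one request.

    peer      -- host that opened the TCP connection to the server
    forwarded -- assumed header value "client[,cache1,...]": the original
                 client, then any caches the request crossed before `peer`;
                 None when the header is absent
    """
    trusted_lc = {h.lower() for h in trusted}
    # The header is believed only when the connecting host is a trusted cache.
    if not forwarded or peer.lower() not in trusted_lc:
        return peer, peer
    hops = [h.strip() for h in forwarded.split(",")]
    client, upstream = hops[0], hops[1:]
    # Every cache in the chain must be trusted; an empty element also fails here.
    if not client or not all(c.lower() in trusted_lc for c in upstream):
        return peer, peer
    # Log client and every cache, comma-separated, as in the NCSA excerpt.
    return client, ",".join(hops + [peer])


if __name__ == "__main__":
    # Constructed requests: (connecting host, forwarded header value or None)
    samples = [
        ("yagan.floreat.csiro.au", "patrickc.per.dem.CSIRO.AU"),
        ("yagan.floreat.csiro.au", None),
        ("outside.example", "patrickc.per.dem.CSIRO.AU"),
        ("yagan.floreat.csiro.au", "pc.example,unlisted-cache.example"),
    ]
    for peer, header in samples:
        client, log_host = resolve_client(peer, header)
        print(f"peer={peer} header={header!r} -> client={client} log={log_host}")
```

The forwarded value is only as reliable as the trusted cache's handling of any copy of the header the client sent itself, so access checks built on it inherit that cache's behaviour.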