You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Alson Wong <ka...@pl.jaring.my> on 2000/11/12 04:07:59 UTC

Changing REMOTE_ADDR passing to a request.

hello,
I have a question here. 
There are 2 server, server A and server B.

There are also 2 cgi files.

access-ip.cgi store in server A. 
ip.cgi store in server B.

The access-ip.cgi looks like this:

#!/usr/bin/perl
print "Content-type: text/html\n\n";
use LWP::Simple;
@testing=get('http://www.serverB.com/cgi-bin/ip.cgi');
print @testing;
--
The ip.cgi on server B looks like this:

#!/usr/bin/perl
$add=$ENV{'REMOTE_ADDR'};
print "Content-type: text/html\n\n";
print "<p>IP is $add\n"


So, how do I pass/set the environment variable of REMOTE_ADDR from 
server A ? So that I can control the env of remote_addr at the server 
B ?

access-ip.cgi actually get the output from server B, and server B 
actually get the remote_addr value from server A.

So, is there any way I can make
$ENV{'REMOTE_ADDR'}="1.2.3.4"; from server A,

And pass this variable to server B. So, server B will take 1.2.3.4 as 
the value of remote_addr, and as a result, access-ip will give an 
output of 1.2.3.4.

I have tried the following code in modperl,

my $r = shift;
$r->connection->remote_ip('1.2.3.4');

it only works in server A, meaning,
$ENV{'REMOTE_ADDR'} in Server A return 1.2.3.4, but $ENV
{'REMOTE_ADDR'} in server B still return the Server A ip address.


Thank you very much.

kamsoon@pl.jaring.my

Re: Changing REMOTE_ADDR passing to a request.

Posted by Bogomolnyi Constantin <Co...@ifrance.com>.

Hello ,
If I understand well what you want , you want to spoof the real IP adress of
server A to make server B think that he is speaking to A' .
Lets see the apache.pm pod :
=item $c->remote_ip

The dotted decimal representation of the remote client's IP address.
This is set by the server when the connection record is created so
is always defined.

You can also set this value by providing an argument to it. This is
helpful if your server is behind a squid accelerator proxy which adds
a X-Forwarded-For header.
----
1)How this make you think that adding the X-Forwarded-For header will
 change the value of $c->remote_ip ?

and this :
=item $c->remote_addr

A packed SOCKADDR_IN in the same format as returned by
L<Socket/pack_sockaddr_in>, containing the port and address on the
remote host that the server is connected to.  This is set by the
server when the connection record is created so it is always defined.

2) This mean that if the server B use $c->remote_addr method he will
get the real ip that he is connected to , so no way to spoof it .
(and if I understand well this method is used by apache to set $ENV)

3) In my way the only way to change the value of $c->remote_addr
is to create an proxy server between :
B<------>PROXY<-------->A
and remove X-Forwarded-For at the proxy , so B will never know that he is
speaking
to A.

Good luck !
Best
CB

----- Original Message -----
From: "Alson Wong" <ka...@pl.jaring.my>
To: "barries" <ba...@slaysys.com>
Cc: <mo...@apache.org>
Sent: Sunday, November 12, 2000 2:09 PM
Subject: Re: Changing REMOTE_ADDR passing to a request.


> hi,
> I have not use mod_proxy_add_forward before. I have download the source
code
> and have a look at it.
> It seems like just passing "X-Forwarded-For" in a header of a request. I
> think
> this is same as my code here:
>
> use LWP::UserAgent;
> $ua = new LWP::UserAgent;
> my $reqq =
> HTTP::Request->new('GET','http://www.serverB.com/cgi-bin/ip.cgi');
> $reqq->header('X-Forwarded-For'=>'1.2.3.4');
> $reqq->header('Remote_Addr'=>'1.2.3.4'); # this line won't work.
> my $ress = $ua->request($reqq);
> print $ress->as_string;
>
> The $ENV{'REMOTE_ADDR'}of server B still return the real ip address of
> server A.
> So, how do I change the $ENV{'REMOTE_ADDR'}of server B to 1.2.3.4 without
> changing anything at server B ?
>
> If I am wrong with the mod_proxy_add_forward, please point it out. Because
I
> have no idea how to implement the mod_proxy_add_forward in to mod_proxy of
> Apache.
>
> And no idea how to use it too. If you got some clue, please tell me how to
> start using that module, if it really works.
>
> Thanks.
>
> kamsoon@pl.jaring.my
>
>
>
>
> ----- Original Message -----
> From: barries <ba...@slaysys.com>
> To: Alson Wong <ka...@pl.jaring.my>
> Cc: <mo...@apache.org>
> Sent: Sunday, November 12, 2000 11:34 AM
> Subject: Re: Changing REMOTE_ADDR passing to a request.
>
>
> > On Sun, Nov 12, 2000 at 11:07:59AM +0800, Alson Wong wrote:
> > >
> > > So, how do I pass/set the environment variable of REMOTE_ADDR from
> > > server A ? So that I can control the env of remote_addr at the server
> > > B ?
> >
> > Well, you could do it several ways.  The "normal" way is to set a
> > header in the request that A sends to be, usually the same one that
> > various caching proxy servers do, namely X-Forwarded-For.  You won't
> > be able to do that with LWP::Simple, have a look at the main LWP
> > page for details on how to make more sophisticated requests.  I'm
> > assuming you've ruled out using Apache's mod_proxy, and therefore that
> > you won't be wanting to use mod_proxy_add_forward.
> >
> > Then, in the B server, you can peel it out of the Apache request
> > object manually as part of your script, or you can do it in an earlier
> > handler phase and make a $r->remote_ip() call like the one you were
> > making in the A server.
> >
> > To catch the header on the backend, you can have a look at the
> > Guide:
> >
> >
>
http://thingy.kcilink.com/modperlguide/scenario/Getting_the_Remote_Server_IP
> _in_.html
> >
> > > my $r = shift;
> > > $r->connection->remote_ip('1.2.3.4');
> > >
> > > it only works in server A, meaning,
> > > $ENV{'REMOTE_ADDR'} in Server A return 1.2.3.4, but $ENV
> > > {'REMOTE_ADDR'} in server B still return the Server A ip address.
> >
> > Right: nothing passes environment variables between the servers.  You
> > need to establish your own channel (the header mentioned above) for
> > passing that value and tweak the B server to recover the value and
> > stuff it in the environment variable.
> >
> > HTH,
> >
> > Barrie
> >
>

Re: Changing REMOTE_ADDR passing to a request.

Posted by barries <ba...@slaysys.com>.

On Sun, Nov 12, 2000 at 09:09:49PM +0800, Alson Wong wrote:
> 
> The $ENV{'REMOTE_ADDR'}of server B still return the real ip address of
> server A.

Check out the link I sent to The Guide (tm), there's a Perl snippet
to recover the IP and do the ->remote_ip() call:

> From: barries <ba...@slaysys.com>
> >
> > To catch the header on the backend, you can have a look at the
> > Guide:
> >
> >
> http://thingy.kcilink.com/modperlguide/scenario/Getting_the_Remote_Server_IP_in_.html

- Barrie

Re: Changing REMOTE_ADDR passing to a request.

Posted by Alson Wong <ka...@pl.jaring.my>.

hi,
I have not use mod_proxy_add_forward before. I have download the source code
and have a look at it.
It seems like just passing "X-Forwarded-For" in a header of a request. I
think
this is same as my code here:

use LWP::UserAgent;
$ua = new LWP::UserAgent;
my $reqq =
HTTP::Request->new('GET','http://www.serverB.com/cgi-bin/ip.cgi');
$reqq->header('X-Forwarded-For'=>'1.2.3.4');
$reqq->header('Remote_Addr'=>'1.2.3.4'); # this line won't work.
my $ress = $ua->request($reqq);
print $ress->as_string;

The $ENV{'REMOTE_ADDR'}of server B still return the real ip address of
server A.
So, how do I change the $ENV{'REMOTE_ADDR'}of server B to 1.2.3.4 without
changing anything at server B ?

If I am wrong with the mod_proxy_add_forward, please point it out. Because I
have no idea how to implement the mod_proxy_add_forward in to mod_proxy of
Apache.

And no idea how to use it too. If you got some clue, please tell me how to
start using that module, if it really works.

Thanks.

kamsoon@pl.jaring.my

----- Original Message -----
From: barries <ba...@slaysys.com>
To: Alson Wong <ka...@pl.jaring.my>
Cc: <mo...@apache.org>
Sent: Sunday, November 12, 2000 11:34 AM
Subject: Re: Changing REMOTE_ADDR passing to a request.

> On Sun, Nov 12, 2000 at 11:07:59AM +0800, Alson Wong wrote:
> >
> > So, how do I pass/set the environment variable of REMOTE_ADDR from
> > server A ? So that I can control the env of remote_addr at the server
> > B ?
>
> Well, you could do it several ways.  The "normal" way is to set a
> header in the request that A sends to be, usually the same one that
> various caching proxy servers do, namely X-Forwarded-For.  You won't
> be able to do that with LWP::Simple, have a look at the main LWP
> page for details on how to make more sophisticated requests.  I'm
> assuming you've ruled out using Apache's mod_proxy, and therefore that
> you won't be wanting to use mod_proxy_add_forward.
>
> Then, in the B server, you can peel it out of the Apache request
> object manually as part of your script, or you can do it in an earlier
> handler phase and make a $r->remote_ip() call like the one you were
> making in the A server.
>
> To catch the header on the backend, you can have a look at the
> Guide:
>
>
http://thingy.kcilink.com/modperlguide/scenario/Getting_the_Remote_Server_IP
_in_.html
>
> > my $r = shift;
> > $r->connection->remote_ip('1.2.3.4');
> >
> > it only works in server A, meaning,
> > $ENV{'REMOTE_ADDR'} in Server A return 1.2.3.4, but $ENV
> > {'REMOTE_ADDR'} in server B still return the Server A ip address.
>
> Right: nothing passes environment variables between the servers.  You
> need to establish your own channel (the header mentioned above) for
> passing that value and tweak the B server to recover the value and
> stuff it in the environment variable.
>
> HTH,
>
> Barrie
>

Re: Changing REMOTE_ADDR passing to a request.

Posted by barries <ba...@slaysys.com>.

On Sun, Nov 12, 2000 at 11:07:59AM +0800, Alson Wong wrote:
> 
> So, how do I pass/set the environment variable of REMOTE_ADDR from 
> server A ? So that I can control the env of remote_addr at the server 
> B ?

Well, you could do it several ways.  The "normal" way is to set a
header in the request that A sends to be, usually the same one that
various caching proxy servers do, namely X-Forwarded-For.  You won't
be able to do that with LWP::Simple, have a look at the main LWP
page for details on how to make more sophisticated requests.  I'm
assuming you've ruled out using Apache's mod_proxy, and therefore that
you won't be wanting to use mod_proxy_add_forward.

Then, in the B server, you can peel it out of the Apache request
object manually as part of your script, or you can do it in an earlier
handler phase and make a $r->remote_ip() call like the one you were
making in the A server.

To catch the header on the backend, you can have a look at the
Guide:

http://thingy.kcilink.com/modperlguide/scenario/Getting_the_Remote_Server_IP_in_.html

> my $r = shift;
> $r->connection->remote_ip('1.2.3.4');
> 
> it only works in server A, meaning,
> $ENV{'REMOTE_ADDR'} in Server A return 1.2.3.4, but $ENV
> {'REMOTE_ADDR'} in server B still return the Server A ip address.

Right: nothing passes environment variables between the servers.  You
need to establish your own channel (the header mentioned above) for
passing that value and tweak the B server to recover the value and
stuff it in the environment variable.

HTH,

Barrie