You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Werner Schalk <we...@gmx.de> on 2005/06/15 01:18:44 UTC

[users@httpd] mod_proxy / mod_rewrite: Passing remote IP address to internal server

Hi,

I do use mod_proxy as a reverse / forward proxy as follows:

Inet -> Server (public IP, Apache 2) -> Internal Server (same system, virtual 
server using Linux vserver - private IP address, Apache 2)

Now all the requests that are send to the public IP address are forwarded to 
the internal server(s). The problem is that the original IP of the remote 
client is not passed to the internal server so for the internal servers it 
looks like the public server is making all the requests. My question now is: 
How can I pass the remote_addr of the client making the request to the 
internal server using mod_rewrite or mod_proxy? I mean I want the IP not only 
to be logable inside the virtual server (with the private ip) but also I 
would like PHP scripts etc. to correctly get the IP's of the remote clients.

Any input is greatly appreciated.

All the best & thanks,
Werner.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_proxy / mod_rewrite: Passing remote IP address to internal server

Posted by Joshua Slive <js...@gmail.com>.

On 6/15/05, David Adam <za...@ucc.gu.uwa.edu.au> wrote:
> (You're probably not going to like this answer - all I can say is that I'm
> sorry, I'm not an Apache developer and I'm not a mod_rewrite guru. Nor do
> I manage more than about fifty users with CGI web pages, and our attitude
> to them is very much 'if it breaks, fix it yourself'.)
> 
> From what I understand of CGI, it is difficult do this. The
> REMOTE_ADDR variable is set on the receiving (internal) server - you'll
> have to override it from there.
> 
> You might want to examine:
> - mod_rewrite on the internal servers - I don't know enough about
> mod_rewrite to be able to tell you if (and how) it can change local CGI
> variables.

This won't, in general, work.  The CGI environment variables are set
at the last minute before launching CGI scripts and hence can't be
overriden in the apache configuration.

> 
> - writing some evil wrapper that rearranges - for example, replacing your
> PERL/Python/whatever executables with a shell script that tests for the
> presence of X_FORWARDED_FOR and replaces REMOTE_ADDR with its contents. Be
> careful with this - X_FORWARDED_FOR does -not- have the same semantics as
> REMOTE_ADDR (see what happens when you pass through two proxy servers, for
> example).
> 
> - sed s/REMOTE_ADDR/HTTP_X_FORWARDED_FOR/g and warning your
> customers! There are bucketloads of examples for detecting and fixing
> proxy headers

Both good suggestions.

The only other suggestion is to write an apache module that modifies
the internal apache request structure to replace the address.  This
wouldn't be too difficult (and I think such a module already exists
for 1.3 but not for 2.1), but you would need to be extremely careful
not to mess up the security of your server.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] No services Installed

Posted by Emmanuel E <em...@gmx.net>.

I think you havent selected the install as service option while running the 
installer.

You could do two things to rectify it.

1) Back up your configuration files. These will be found in the directory 
named "conf" wherever youve installed Apache. Uninstall apache from the 
control panel. Run the installer again. This time in the installer choose 
"For all users" and "install as a service on port 80" (I dont remember the 
exact options on the installer but its similar to something like i've 
mentioned.) After the install is successful you should be able to start and 
stop apache from the icon in the system tray.

2) For a less laborious method open a command prompt. Change directory to 
the "bin" directory within the directory wherever Apache has been installed. 
In the command prompt type "apache -k install". After this you should be 
able to start and stop Apache from the icon in the system tray.

Hope this works,
Emmanuel

----- Original Message ----- 
From: "Dana Marshall" <we...@danawheels.net>
To: <us...@httpd.apache.org>
Sent: Sunday, November 13, 2005 1:42 AM
Subject: Re: [users@httpd] No services Installed


>I am running Windows XP... when I click on START (as in the icon START) for 
>Apache), it brings it up, but when I double click on the icon in the system 
>tray, it says there are no services installed. Does that help?
>
> Dana
>
> At 12:53 AM 11/12/2005, you wrote:
>>Can you be more specific? Like what exactly do you do when you try to 
>>bring Apache up?
>>
>>You can install apache as a service by typing "apache -k install" at the 
>>command prompt.
>>
>>Did you use the installer to install?
>>
>>Check out http://httpd.apache.org/docs/2.0/platform/windows.html
>>
>>Cheers,
>>Emmanuel
>>
>>
>>----- Original Message ----- From: "Dana Marshall" 
>><we...@danawheels.net>
>>To: <us...@httpd.apache.org>
>>Sent: Saturday, November 12, 2005 1:38 PM
>>Subject: [users@httpd] No services Installed
>>
>>
>>>I've got Apache running on Windows XP Professional. When I bring it up, 
>>>it says there are no services installed. *sigh* What did I do wrong? I 
>>>modified the config file, but I know I'm missing something. HELP? How do 
>>>I install services so people can see my webpages?
>>>
>>>Dana
>>>
>>>
>>>---------------------------------------------------------------------
>>>The official User-To-User support forum of the Apache HTTP Server 
>>>Project.
>>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] No services Installed

Posted by Dana Marshall <we...@danawheels.net>.

I am running Windows XP... when I click on START (as in the icon 
START) for Apache), it brings it up, but when I double click on the 
icon in the system tray, it says there are no services installed. 
Does that help?

Dana

At 12:53 AM 11/12/2005, you wrote:
>Can you be more specific? Like what exactly do you do when you try 
>to bring Apache up?
>
>You can install apache as a service by typing "apache -k install" at 
>the command prompt.
>
>Did you use the installer to install?
>
>Check out http://httpd.apache.org/docs/2.0/platform/windows.html
>
>Cheers,
>Emmanuel
>
>
>----- Original Message ----- From: "Dana Marshall" <we...@danawheels.net>
>To: <us...@httpd.apache.org>
>Sent: Saturday, November 12, 2005 1:38 PM
>Subject: [users@httpd] No services Installed
>
>
>>I've got Apache running on Windows XP Professional. When I bring it 
>>up, it says there are no services installed. *sigh* What did I do 
>>wrong? I modified the config file, but I know I'm missing 
>>something. HELP? How do I install services so people can see my webpages?
>>
>>Dana
>>
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] No services Installed

Posted by Emmanuel E <em...@gmx.net>.

Can you be more specific? Like what exactly do you do when you try to bring 
Apache up?

You can install apache as a service by typing "apache -k install" at the 
command prompt.

Did you use the installer to install?

Check out http://httpd.apache.org/docs/2.0/platform/windows.html

Cheers,
Emmanuel


----- Original Message ----- 
From: "Dana Marshall" <we...@danawheels.net>
To: <us...@httpd.apache.org>
Sent: Saturday, November 12, 2005 1:38 PM
Subject: [users@httpd] No services Installed


> I've got Apache running on Windows XP Professional. When I bring it up, it 
> says there are no services installed. *sigh* What did I do wrong? I 
> modified the config file, but I know I'm missing something. HELP? How do I 
> install services so people can see my webpages?
>
> Dana
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] No services Installed

Posted by Dana Marshall <we...@danawheels.net>.

I've got Apache running on Windows XP Professional. When I bring it 
up, it says there are no services installed. *sigh* What did I do 
wrong? I modified the config file, but I know I'm missing something. 
HELP? How do I install services so people can see my webpages?

Dana


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_disk_cache and local files updating

Posted by Joshua Slive <js...@gmail.com>.

On 6/15/05, Florin Gherendi <fl...@yahoo.fr> wrote:
> I am using apache 2.0.53 with apache 1.3.33 in Perl proxied mode on a
> Linux Mandrake 9.2/ dual Xeon server.
> Apache 2 was compiled as RPM (I backported it from Mandriva 10.2) with
> mod_cache and mod_disk_cache enabled and installed.
> It works fine, but sometimes, for some vhosts, updating (replacing) a
> html file doesn't result in file appearing changed on http access, even
> if this access is performed from the server that hosts the site. If this
> happens and I erase the cache root (/var/cache/httpd in my case)
> contents, the new file is finally seen by apache.
> 
> This only happens on heavy traffic and not for all vhosts on the server;
> it seems that it happens more probably on files edited under Windows
> (but I am not very sure of that, because this behavior seems quite
> random; I can have weeks/months without this happening).
> 
> I don't know very well the site structure on the vhost where the problem
> was reported, it's some user's site, but I don't think the cause would
> be a html error.
> I think the problem is rather related to mod_disk_cache but I don't know
> why it happens. Anybody could give me a clue?

mod_cache/mod_disk_cache use standard HTTP caching rules to determine
when to check for updates.  In general, there is no way for the cache
to know when a file has been updated.  It will only do freshness
checks according to the information it has in the Cache-control,
Expires, and Last-Modified headers.  So if you want the freshness
checked more often, you need to modify those headers on the content.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] mod_disk_cache and local files updating

Posted by Florin Gherendi <fl...@yahoo.fr>.

I am using apache 2.0.53 with apache 1.3.33 in Perl proxied mode on a
Linux Mandrake 9.2/ dual Xeon server.
Apache 2 was compiled as RPM (I backported it from Mandriva 10.2) with
mod_cache and mod_disk_cache enabled and installed.
It works fine, but sometimes, for some vhosts, updating (replacing) a
html file doesn't result in file appearing changed on http access, even
if this access is performed from the server that hosts the site. If this
happens and I erase the cache root (/var/cache/httpd in my case)
contents, the new file is finally seen by apache.

This only happens on heavy traffic and not for all vhosts on the server;
it seems that it happens more probably on files edited under Windows
(but I am not very sure of that, because this behavior seems quite
random; I can have weeks/months without this happening).

I don't know very well the site structure on the vhost where the problem
was reported, it's some user's site, but I don't think the cause would
be a html error.
I think the problem is rather related to mod_disk_cache but I don't know
why it happens. Anybody could give me a clue?
Thanks
Florin



	

	
		
___________________________________________________________________________ 
Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger 
T�l�chargez cette version sur http://fr.messenger.yahoo.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_proxy / mod_rewrite: Passing remote IP address to internal server

Posted by David Adam <za...@ucc.gu.uwa.edu.au>.

> > Have you tried looking at the X-Forwarded-For header? (Appears in CGI
> > scripts as HTTP_X_FORWARDED_FOR) This is passed automatically by
> > mod_proxy, as far as I know.
>
> yes I know this but all the scripts of my customers are looking for
> REMOTE_ADDR etc. So how can I forward this to my internal servers behind the
> proxy server?

Werner,

(You're probably not going to like this answer - all I can say is that I'm
sorry, I'm not an Apache developer and I'm not a mod_rewrite guru. Nor do
I manage more than about fifty users with CGI web pages, and our attitude
to them is very much 'if it breaks, fix it yourself'.)

>From what I understand of CGI, it is difficult do this. The
REMOTE_ADDR variable is set on the receiving (internal) server - you'll
have to override it from there.

You might want to examine:
- mod_rewrite on the internal servers - I don't know enough about
mod_rewrite to be able to tell you if (and how) it can change local CGI
variables.

- writing some evil wrapper that rearranges - for example, replacing your
PERL/Python/whatever executables with a shell script that tests for the
presence of X_FORWARDED_FOR and replaces REMOTE_ADDR with its contents. Be
careful with this - X_FORWARDED_FOR does -not- have the same semantics as
REMOTE_ADDR (see what happens when you pass through two proxy servers, for
example).

- sed s/REMOTE_ADDR/HTTP_X_FORWARDED_FOR/g and warning your
customers! There are bucketloads of examples for detecting and fixing
proxy headers

Have a look at the nearest thing to a CGI standard at
http://cgi-spec.golux.com/draft-coar-cgi-v11-03-clean.html for more
information on CGI variables.

The second option above is what someone like me would do :-) (we have no
qualms about 'evil hacks' here - our version of suexec has to be patched
every time we upgrade Apache, to give just one example).

Best of luck,

David Adam
zanchey@ucc.gu.uwa.edu.au


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_proxy / mod_rewrite: Passing remote IP address to internal server

Posted by Werner Schalk <we...@gmx.de>.

Hi,

> Have you tried looking at the X-Forwarded-For header? (Appears in CGI
> scripts as HTTP_X_FORWARDED_FOR) This is passed automatically by
> mod_proxy, as far as I know.

yes I know this but all the scripts of my customers are looking for 
REMOTE_ADDR etc. So how can I forward this to my internal servers behind the 
proxy server?

Thanks and bye,
Werner.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_proxy / mod_rewrite: Passing remote IP address to internal server

Posted by David Adam <za...@ucc.gu.uwa.edu.au>.

On Wed, 15 Jun 2005, Werner Schalk wrote:
> I do use mod_proxy as a reverse / forward proxy as follows:
>
> Inet -> Server (public IP, Apache 2) -> Internal Server (same system, virtual
> server using Linux vserver - private IP address, Apache 2)
>
> Now all the requests that are send to the public IP address are forwarded to
> the internal server(s). The problem is that the original IP of the remote
> client is not passed to the internal server so for the internal servers it
> looks like the public server is making all the requests. My question now is:
> How can I pass the remote_addr of the client making the request to the
> internal server using mod_rewrite or mod_proxy? I mean I want the IP not only
> to be logable inside the virtual server (with the private ip) but also I
> would like PHP scripts etc. to correctly get the IP's of the remote clients.

Have you tried looking at the X-Forwarded-For header? (Appears in CGI
scripts as HTTP_X_FORWARDED_FOR) This is passed automatically by
mod_proxy, as far as I know.

Cheers,

David Adam
zanchey@ucc.gu.uwa.edu.au


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org