You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by allan juul <al...@muly.dk> on 2006/01/30 20:12:15 UTC

[users@httpd] reverse proxy - forward ip

hello,

we have on the same machine an apache2 in front (80) of a backend web
server (8000) in a reverse proxy set up. the backend sees the proxied
requests from the apache as coming from localhost.
we are in a situation were we need the backend to see the request coming
from anything but localhost.

one approach might be to establish a unique host header on the backend,
so the apache would forward requests like:

RewriteRule ^/(.*) http://unique.host.com:8000/$1 [p,l]

instead of

RewriteRule ^/(.*) http://localhost:8000/$1 [p,l]


i just wander if there are an easier / or even another solution to this?
perhaps forwarding the original client ip somehow.

thanks
./a




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] reverse proxy - forward ip

Posted by François Conil <co...@ece.fr>.

allan juul a écrit :
> hello,
> 
> we have on the same machine an apache2 in front (80) of a backend web
> server (8000) in a reverse proxy set up. the backend sees the proxied
> requests from the apache as coming from localhost.
> we are in a situation were we need the backend to see the request coming
> from anything but localhost.
> 
> one approach might be to establish a unique host header on the backend,
> so the apache would forward requests like:
> 
> RewriteRule ^/(.*) http://unique.host.com:8000/$1 [p,l]
> 
> instead of
> 
> RewriteRule ^/(.*) http://localhost:8000/$1 [p,l]
> 
> 
> i just wander if there are an easier / or even another solution to this?
> perhaps forwarding the original client ip somehow.
> 
> thanks
> ./a

Give a try to mod proxy,combined with mod_rpaf and mod_extract_forwarded 
that allows the backend to "see" the forwarded host.


-- 
François Conil
Administrateur Systèmes et Réseaux
<Pax> I wish my lawn was emo, so it would cut itself.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] Re: reverse proxy - forward ip

Posted by Joost de Heer <sa...@xs4all.nl>.

allan juul wrote:
> hello,
>
> we have on the same machine an apache2 in front (80) of a backend web
> server (8000) in a reverse proxy set up. the backend sees the proxied
> requests from the apache as coming from localhost.
> we are in a situation were we need the backend to see the request coming
> from anything but localhost.

Add a header 'X-Forwarded-For' with mod_headers, and then log the value of
that header in the backend application.

Joost


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] reverse proxy - forward ip

Posted by allan juul <al...@muly.dk>.

thanks for the suggestion. but to be more precise. i am interested in 
the backend server seeing any request as coming from anything but localhost.

the backend could theoretically be serving just a gif image so a request 
from the backend's point of view should somehow look like this in its 
access log:

real-client-ip - - [22/May/2004:11:06:36] "GET / HTTP/1.1" 200 5969
unique.host.com - - [22/May/2004:11:06:36] "GET / HTTP/1.1" 200 5969

instead of:

127.0.0.1 - - [22/May/2004:11:06:36] "GET / HTTP/1.1" 200 5969
localhost - - [22/May/2004:11:06:36] "GET / HTTP/1.1" 200 5969


thanks again
./a






Boysenberry Payne wrote:
> Maybe try this:
> 
> RewriteRule   ^(.*)$     
> http://unique.host.com:8000/$1?ip=%{REMOTE_ADDR} [P]
> 
> or
> 
> RewriteRule   ^(.*)$     
> http://unique.host.com:8000/index.php?request=$1&ip=%{REMOTE_ADDR} [P]
> 
> with a rewrite rule on the receiving server to bring it back to the 
> original request.
> 
> You probably want something like mod_perl or php to handle this most 
> effectively
> (i.e. for doing something with the IP addy, etc. )
> 
> 
> Boysenberry
> 
> boysenberrys.com | habitatlife.com | selfgnosis.com
> 
> On Jan 30, 2006, at 1:12 PM, allan juul wrote:
> 
>> hello,
>>
>> we have on the same machine an apache2 in front (80) of a backend web
>> server (8000) in a reverse proxy set up. the backend sees the proxied
>> requests from the apache as coming from localhost.
>> we are in a situation were we need the backend to see the request coming
>> from anything but localhost.
>>
>> one approach might be to establish a unique host header on the backend,
>> so the apache would forward requests like:
>>
>> RewriteRule ^/(.*) http://unique.host.com:8000/$1 [p,l]
>>
>> instead of
>>
>> RewriteRule ^/(.*) http://localhost:8000/$1 [p,l]
>>
>>
>> i just wander if there are an easier / or even another solution to this?
>> perhaps forwarding the original client ip somehow.
>>
>> thanks
>> ./a
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server 
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] reverse proxy - forward ip

Posted by Boysenberry Payne <bo...@humaniteque.com>.

Maybe try this:

RewriteRule   ^(.*)$	 http://unique.host.com:8000/$1?ip=%{REMOTE_ADDR} 
[P]

or

RewriteRule   ^(.*)$	 
http://unique.host.com:8000/index.php?request=$1&ip=%{REMOTE_ADDR} [P]

with a rewrite rule on the receiving server to bring it back to the 
original request.

You probably want something like mod_perl or php to handle this most 
effectively
(i.e. for doing something with the IP addy, etc. )


Boysenberry

boysenberrys.com | habitatlife.com | selfgnosis.com

On Jan 30, 2006, at 1:12 PM, allan juul wrote:

> hello,
>
> we have on the same machine an apache2 in front (80) of a backend web
> server (8000) in a reverse proxy set up. the backend sees the proxied
> requests from the apache as coming from localhost.
> we are in a situation were we need the backend to see the request 
> coming
> from anything but localhost.
>
> one approach might be to establish a unique host header on the backend,
> so the apache would forward requests like:
>
> RewriteRule ^/(.*) http://unique.host.com:8000/$1 [p,l]
>
> instead of
>
> RewriteRule ^/(.*) http://localhost:8000/$1 [p,l]
>
>
> i just wander if there are an easier / or even another solution to 
> this?
> perhaps forwarding the original client ip somehow.
>
> thanks
> ./a
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org