You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Kip Cranford <kc...@advance-inc.com> on 2000/06/14 18:50:37 UTC
Re: proxy requests via mod_proxy
On: Wed, 14 Jun 2000 12:30:50 EDT dave@perl-solutions.com wrote:
>Hi,
>
>I'm using a "light weight" apache server compiled with mod_proxy
>to pass dynamic requests off to my "heavy" mod_perl enabled
>server. However, mod_proxy isn't forwarding the REMOTE_ADDR the
>request originated from in the headers. I recall reading
>reports that this is/was a known problem. Is there a patch for
>mod_proxy that will have it include the originating IP in the
>header? The mod_proxy version I'm using is the standard w/
>apache 1.3.12.
>
I use the same setup. Though I'm not aware of a patch to mod_proxy, I
currently use a module written by Ask Bjoern Hansen called
proxy_add_forward.
Compiling this into your proxy server adds an X-Forwarded-For header to the
proxy requests which contains the ip of the client you're interested in.
You can find that module here
http://modules.apache.org/search?id=124
and probably a host of other places.
--kip
Re: proxy requests via mod_proxy
Posted by Eric Cholet <ch...@logilune.com>.
> In the startup.pl of the app server:
>
> sub My::ProxyRemoteAddr ($) {
> my $r = shift;
you'll want to insert this here:
# we'll only look at the X-Forwarded-For header if the requests
# comes from our proxy at localhost
return OK unless ($r->connection->remote_ip eq "127.0.0.1");
it's in the latest mod_proxy_add_forward, maybe you're using an older
version. This makes sure an outsider cannot defeat any IP-based
authorization
by connecting directly to the backend and supplying a forged X-Forwarded-For
header. Of course this is moot if the backend is bound to 127.0.0.1.
> if (my ($ip) = $r->header_in('X-Forwarded-For') =~ /([^,\s]+)$/) {
> $r->connection->remote_ip($ip);
> }
>
> return OK;
> }
>
--
Eric
Re: proxy requests via mod_proxy
Posted by Tim Bishop <ti...@activespace.com>.
Kip says:
>
> I currently use a module written by Ask Bjoern Hansen called
> proxy_add_forward.
>
> Compiling this into your proxy server adds an X-Forwarded-For header to the
> proxy requests which contains the ip of the client you're interested in.
>
> You can find that module here
>
> http://modules.apache.org/search?id=124
>
> and probably a host of other places.
Dave-
Here's a copy of my specific instructions on adding IP logging to the
app server:
In mod_perl dir:
perl Makefile.PL \
APACHE_SRC=../apache_1.3.12/src \
DO_HTTPD=1 \
USE_APACI=1 \
PREP_HTTPD=1 \
EVERYTHING=1
copy mod_proxy_add_forward.c to apache_1.3.12/ dir
in apache_1.3.12 dir:
OPTIM="-O3 -m486" \
./configure --prefix=/usr \
--with-layout=RedHat \
--add-module=mod_bandwidth.c \
--add-module=mod_proxy_add_forward.c \
--enable-module=most \
--enable-shared=max \
--disable-rule=WANTHSREGEX \
--disable-module=auth_dbm \
--disable-module=auth_db \
--activate-module=src/modules/perl/libperl.a \
--with-perl=/usr/bin/perl
(notice the --add-module=mod_proxy_add_forward.c line)
(you probably don't want all of the other lines)
In the httpd.conf for the proxy server:
(add at the end of LoadModule statements:)
LoadModule proxy_add_forward_module modules/mod_proxy_add_forward.so
(add at the end of the AddModule statements:)
AddModule mod_proxy_add_forward.c
now your proxy server will send the X-Forwarded-For header. But the app
server needs to take that header and treat it as the originating ip.
In the startup.pl of the app server:
sub My::ProxyRemoteAddr ($) {
my $r = shift;
if (my ($ip) = $r->header_in('X-Forwarded-For') =~ /([^,\s]+)$/) {
$r->connection->remote_ip($ip);
}
return OK;
}
and in your httpd.conf file, somewhere:
# move X-Forwarded-For ip into r->connection->remote_ip
PerlPostReadRequestHandler My::ProxyRemoteAddr
-Tim