Posted to users@httpd.apache.org by Igor Galić <i....@brainsware.org> on 2012/03/30 17:16:31 UTC

[users@httpd] mod_remoteip: Hiding in plain sight

Hi folks,

I'm using wrowe's backported version of mod_remoteip[1][2] for
httpd 2.2, while hiding behind an Apache Traffic Server.

My configuration is basically this:

  # we're behind a proxy, but no one needs to know:
  RemoteIPHeader X-Forwarded-For
  RemoteIPTrustedProxy 127.0.0.1/8 176.9.55.235 192.168.122.235/24

while in ATS I have set

  CONFIG proxy.config.http.insert_squid_x_forwarded_for INT 1

(no, actually I haven't, it's the default)

The only problem is: It doesn't do a thing.

  igalic@tynix ~ % curl http://brainswear.at/t.php 2>/dev/null| ack -i remote_a\|forw
      [REMOTE_ADDR] => 127.0.0.1

Is this supposed to strip X-Forwarded-For headers?
Is it supposed to not modify REMOTE_ADDRESS (because it says it would)?
What's it supposed to do? Does it work? Has anyone tested it?

So long,

i 

[1] http://people.apache.org/~wrowe/httpd-2.2-ports/mod_remoteip.c
[2] http://httpd.apache.org/docs/current/mod/mod_remoteip.html

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
GPG: 6880 4155 74BD FD7C B515  2EA5 4B1D 9E08 A097 C9AE




Re: mod_remoteip: Hiding in plain sight

Posted by Leif Hedstrom <zw...@apache.org>.
On 3/30/12 9:16 AM, Igor Galić wrote:
> Hi folks,
>
> I'm using wrowe's backported version of mod_remoteip[1][2] for
> httpd 2.2, while hiding behind an Apache Traffic Server.
>
> My configuration is basically this:
>
>    # we're behind a proxy, but no one needs to know:
>    RemoteIPHeader X-Forwarded-For
>    RemoteIPTrustedProxy 127.0.0.1/8 176.9.55.235 192.168.122.235/24
>
> while in ATS I have set
>
>    CONFIG proxy.config.http.insert_squid_x_forwarded_for INT 1
>
> (no, actually I haven't, it's the default)
>

But what do you see between ATS and HTTPD? XFF is for ATS to communicate to
the Origin(s) what the real client IP is. You wouldn't see it in the 
response back to the client, I'm pretty sure. I use this all the time, and 
it definitely works for me, e.g.:

+++++++++ Proxy's Request +++++++++
-- State Machine Id: 2
GET / HTTP/1.1
User-Agent: curl/7.21.7 (x86_64-redhat-linux-gnu) libcurl/7.21.7 NSS/3.13.3.0 zlib/1.2.5 libidn/1.22 libssh2/1.2.7
Host: www.yahoo.com
Accept: */*
Client-ip: 127.0.0.1
X-Forwarded-For: 127.0.0.1
Via: http/1.1 loki.ogre.com[FE8000000000000002016CFFFE63288A] (ApacheTrafficServer/3.1.4-unstable [uScMs f p eN:t cCMi p s ])


-- Leif
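
Added example, not part of the thread and not mod_remoteip's own code: a simplified Python model of the right-to-left X-Forwarded-For walk described in the mod_remoteip documentation [2], including its rule that a RemoteIPTrustedProxy, unlike a RemoteIPInternalProxy, is not believed when it reports a private or loopback address. Assumptions: the function names are hypothetical, only IPv4 is handled, at least one proxy directive is configured, and the 203.0.113.7 / 198.51.100.9 addresses are constructed sample inputs.

```python
import ipaddress

# Ranges not accepted from a RemoteIPTrustedProxy (an internal proxy may report them).
PRIVATE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8")]

# RemoteIPTrustedProxy values from the configuration in the thread.
TRUSTED = ("127.0.0.1/8", "176.9.55.235", "192.168.122.235/24")


def _nets(specs):
    # strict=False tolerates host bits, as in 127.0.0.1/8
    return [ipaddress.ip_network(s, strict=False) for s in specs]


def resolve_client_ip(peer, xff, trusted=(), internal=()):
    """Model: return (client_ip, leftover_header_value) for one request."""
    trusted_nets, internal_nets = _nets(trusted), _nets(internal)
    hops = [h.strip() for h in xff.split(",")] if xff else []
    current = ipaddress.ip_address(peer)
    all_internal = True  # False once any hop was only a "trusted" proxy
    while hops:
        is_internal = any(current in n for n in internal_nets)
        if not is_internal and not any(current in n for n in trusted_nets):
            break  # this hop is not a known proxy, so its claim is ignored
        all_internal = all_internal and is_internal
        try:
            candidate = ipaddress.ip_address(hops[-1])
        except ValueError:
            break  # unparsable entry: keep what was established so far
        if not all_internal and any(candidate in n for n in PRIVATE):
            break  # private address from a non-internal proxy: not accepted
        current = candidate
        hops.pop()
    return str(current), ", ".join(hops)


if __name__ == "__main__":
    cases = [  # (peer, X-Forwarded-For, internal proxies); constructed inputs
        ("127.0.0.1", "203.0.113.7", ()),
        ("127.0.0.1", "127.0.0.1", ()),
        ("127.0.0.1", "127.0.0.1", ("127.0.0.1/8",)),
        ("127.0.0.1", "198.51.100.9, 203.0.113.7", ()),
    ]
    for peer, xff, internal in cases:
        print(peer, repr(xff), "->", resolve_client_ip(peer, xff, TRUSTED, internal))
```

In the last case the leftmost entry stays in the header unprocessed, because the walk stops as soon as the current hop is not a listed proxy; a client-supplied X-Forwarded-For value therefore cannot override the address reported by the proxy itself.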