You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lenya.apache.org by Jann Forrer <ja...@id.unizh.ch> on 2004/05/05 09:07:55 UTC

DefaultAccessController AC_Live

Hi

I you use Apache together with mod_proxy to connect to the servlet engine
you get a problem with the IP Range in AC_Live because in the
DefaultAccessController class

  request.getRemoteAddr()

is used which returns the IP Address of the machine where your apache runs
and not the IP Address of the Client which is actually required. I
therefore modified the DefaultAccessController class using the
x-forwarded-for header (if actually set) wich mod_proxy passes to the
servlet engine:

  request.getHeader("x-forwarded-for")

I made some more modification in order to deal with a problem which arise
if the client uses another proxy.

I tested it and it works and should be quite generic. However I am
not sure whether this is the best solution. Another approach could be that
you use e.g. ac.xconf to configure the ip Address of the Apache server
e.g. <apache>127.0.0.1</apache>. If this is set you should use the
x-forwarded-for header .......

WDYT

I can send you a patch of my solution

Jann


---------------------------------------------------------------
Jann Forrer
Informatikdienste
Universität Zürich
Winterthurerstr. 190
CH-8057 Zuerich

oooO   mail:  jann.forrer@id.unizh.ch
(  )   phone: +41 1 63 56772
 \ (   fax:   +41 1 63 54505
  \_)  http://www.id.unizh.ch

---------------------------------------------------------------------
To unsubscribe, e-mail: lenya-dev-unsubscribe@cocoon.apache.org
For additional commands, e-mail: lenya-dev-help@cocoon.apache.org

Re: DefaultAccessController AC_Live

Posted by Michael Wechner <mi...@wyona.com>.

Jann Forrer wrote:

>On Wed, 5 May 2004, Michael Wechner wrote:
>
>  
>
>>Jann Forrer wrote:
>>
>>    
>>
>>>I tested it and it works and should be quite generic.
>>>
>>>      
>>>
>>does it also work if there is no proxy?
>>
>>    
>>
>
>
>Yes it does.
>
>[ ... ]
>  
>

cool

>  
>
>>please attach it to Bugzilla
>>
>>    
>>
>
>Ok, i will do that
>  
>

thanks a lot

Michi

>Jann
>
>---------------------------------------------------------------
>Jann Forrer
>Informatikdienste
>Universität Zürich
>Winterthurerstr. 190
>CH-8057 Zuerich
>
>oooO   mail:  jann.forrer@id.unizh.ch
>(  )   phone: +41 1 63 56772
> \ (   fax:   +41 1 63 54505
>  \_)  http://www.id.unizh.ch
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: lenya-dev-unsubscribe@cocoon.apache.org
>For additional commands, e-mail: lenya-dev-help@cocoon.apache.org
>
>
>  
>


-- 
Michael Wechner
Wyona Inc.  -   Open Source Content Management   -   Apache Lenya
http://www.wyona.com              http://cocoon.apache.org/lenya/
michael.wechner@wyona.com                        michi@apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: lenya-dev-unsubscribe@cocoon.apache.org
For additional commands, e-mail: lenya-dev-help@cocoon.apache.org

Re: DefaultAccessController AC_Live

Posted by Jann Forrer <ja...@id.unizh.ch>.

On Wed, 5 May 2004, Michael Wechner wrote:

> Jann Forrer wrote:
>
> >
> >I tested it and it works and should be quite generic.
> >
>
> does it also work if there is no proxy?
>


Yes it does.

[ ... ]

>
> please attach it to Bugzilla
>

Ok, i will do that

Jann

---------------------------------------------------------------
Jann Forrer
Informatikdienste
Universität Zürich
Winterthurerstr. 190
CH-8057 Zuerich

oooO   mail:  jann.forrer@id.unizh.ch
(  )   phone: +41 1 63 56772
 \ (   fax:   +41 1 63 54505
  \_)  http://www.id.unizh.ch

---------------------------------------------------------------------
To unsubscribe, e-mail: lenya-dev-unsubscribe@cocoon.apache.org
For additional commands, e-mail: lenya-dev-help@cocoon.apache.org

Re: DefaultAccessController AC_Live

Posted by Michael Wechner <mi...@wyona.com>.

Jann Forrer wrote:

>
>I tested it and it works and should be quite generic.
>

does it also work if there is no proxy?

> However I am
>not sure whether this is the best solution. Another approach could be that
>you use e.g. ac.xconf to configure the ip Address of the Apache server
>e.g. <apache>127.0.0.1</apache>. If this is set you should use the
>x-forwarded-for header .......
>  
>

if your solution also works if there is no proxy, then I think
the extra configuration wouldn't be necessary, else I think it would be.

>
>I can send you a patch of my solution
>  
>

please attach it to Bugzilla

Thanks very much for fixing this problem :-)

Michi

>Jann
>
>
>---------------------------------------------------------------
>Jann Forrer
>Informatikdienste
>Universität Zürich
>Winterthurerstr. 190
>CH-8057 Zuerich
>
>oooO   mail:  jann.forrer@id.unizh.ch
>(  )   phone: +41 1 63 56772
> \ (   fax:   +41 1 63 54505
>  \_)  http://www.id.unizh.ch
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: lenya-dev-unsubscribe@cocoon.apache.org
>For additional commands, e-mail: lenya-dev-help@cocoon.apache.org
>
>
>  
>


-- 
Michael Wechner
Wyona Inc.  -   Open Source Content Management   -   Apache Lenya
http://www.wyona.com              http://cocoon.apache.org/lenya/
michael.wechner@wyona.com                        michi@apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: lenya-dev-unsubscribe@cocoon.apache.org
For additional commands, e-mail: lenya-dev-help@cocoon.apache.org