You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Mike Cramer <cr...@webkist.com> on 2003/08/12 23:10:19 UTC
[PATCH] Add CookieIPHeader directive to mod_usertrack (for 1.3)
If apache is running behind a device which masks the client's IP address
with its own, mod_usertrack will use this IP address as part of its
cookie_id. Since this is NOT the actual IP address of the client (and
may in fact be information best kept private), this behavior could be
less than ideal.
Some devices (including a reverse-proxying Apache instance) set HTTP
headers which contain the "real" IP address of the request, which might
be more appropriate for mod_usertrack.
The attached patch adds the "CookieIPHeader" directive which takes as
its only argument the name of the header containing the IP address to
use. For example, mod_usertrack could use the IP address passed on my
another Apache instance's "ProxyPass" with the following directive:
CookieIPHeader X-Forwarded-For
If the specified header doesn't exist or inet_aton() fails to parse it,
the default value (from r->connection) is used instead. Without the
directive, apache's behavior is unchanged.
This patch is against the mod_usertrack.c found in 1.3.28.
--
Mike Cramer
http://www.webkist.com/