You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "J.Lance Wilkinson" <jl...@psulias.psu.edu> on 2011/02/01 17:00:44 UTC
Re: [users@httpd] Incompatibilities between mod_remoteip and the
server-info & server-status handlers?
Tom Evans wrote:
> According to the docs on mod_remoteip, it should work as you expect:
>
> """
> The module replaces the apparent remote (client) IP/hostname for the
> request with the IP address reported in the request header configured
> with the RemoteIPHeader directive.
>
> Once replaced as instructed, this apparent IP address is then used for
> mod_authz_host features <Require host> and <Require ip>, is reported
> by mod_status, and is recorded by mod_log_config %a and %h directives.
> It also determines the machine probed for an inetd identity by
> mod_ident based on the IdentityCheck configuration.
> """
>
> What IP addresses are logged in the access logs on the backend? If
> they aren't showing the client IP address, rather than the proxy IP
> address, then mod_remoteip is not in use or incorrectly configured.
The actual client IP addresses seem to be showing up for one set of URIs which
are IP filtered to a set of permitted ones.
In this particular case, my config file fragment reads:
Alias /artshumanities/audio "/web_extranet_etc/arts/audio"
<Directory "/web_extranet_etc/arts/audio">
Options -Indexes
AllowOverride None
Order deny,allow
Deny from all
Allow from 128.118 146.186 66.71.0.0/16 130.203
</Directory>
I have several <VirtualHost/> blocks, and since this <Directory/> block applies
equally to both my port 80 and my port 443 VirtualHosts, I defined it EXTERNAL
TO BOTH. The same goes for the various <Location/> blocks that I'd noted this
behavior on before.
The RemoteIPHeader and RemoteIPTrustedProxy directives are defined individually
in each <VirtualHost/> -- this because we didn't see evidence of it working
when we had it outside them.
The log entries read like (wrapped for readability):
146.186.238.23 - - [01/Feb/2011:09:50:22 -0500] "GET
/artshumanities/audio/music9.htm HTTP/1.1" 403 27480
"-" "Mozilla/5.0 (Windows; U; Windows NT 5.1;
en-US; rv:1.8.1.20) Gecko/20081217
Firefox/2.0.0.20 (.NET CLR 3.5.30729)"
I'm wondering now if this issue could have to do more w/ my Order, Deny and
Allow directives than with and incompatibility between the mod_remoteip module
and the server-info/server-status handlers...
--
J.Lance Wilkinson ("Lance") InterNet: Lance.Wilkinson@psu.edu
Systems Design Specialist - Lead Phone: (814) 865-4870
Digital Library Technologies FAX: (814) 863-3560
E3 Paterno Library
Penn State University
University Park, PA 16802
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org