You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2017/12/13 12:19:40 UTC
[Bug 61896] New: CONN_REMOTE_ADDR not exposed to php scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=61896
Bug ID: 61896
Summary: CONN_REMOTE_ADDR not exposed to php scripts
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_remoteip
Assignee: bugs@httpd.apache.org
Reporter: h.reindl@thelounge.net
Target Milestone: ---
mod_rewrite supports for years now REMOTE_ADDR *and* CONN_REMOTE_ADDR, see
samle below, mod_remoteip don't give you any information within a PHP script
about the physical connecting IP
this can be crucial when your reverse-proxy adds headers which you can use in
your application to make decisions because you should verify the source-ip to
make sure that header is trustable
the setup below has one big goal: decide via DNS if a website goes directly to
httpd or for high traffic pages over the reverse-proxy which in this case would
do TLS-offloading and sim,ilar decisions can happen within the application - or
better said it should be posible to do so
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{CONN_REMOTE_ADDR} !^192\.168\.196\.2
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 61896] CONN_REMOTE_ADDR not exposed to php scripts
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61896
Reindl Harald <h....@thelounge.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|2.5-HEAD |2.4.29
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org