You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2017/12/13 12:19:40 UTC

[Bug 61896] New: CONN_REMOTE_ADDR not exposed to php scripts

https://bz.apache.org/bugzilla/show_bug.cgi?id=61896

            Bug ID: 61896
           Summary: CONN_REMOTE_ADDR not exposed to php scripts
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_remoteip
          Assignee: bugs@httpd.apache.org
          Reporter: h.reindl@thelounge.net
  Target Milestone: ---

mod_rewrite supports for years now REMOTE_ADDR *and* CONN_REMOTE_ADDR, see
samle below, mod_remoteip don't give you any information within a PHP script
about the physical connecting IP

this can be crucial when your reverse-proxy adds headers which you can use in
your application to make decisions because you should verify the source-ip to
make sure that header is trustable

the setup below has one big goal: decide via DNS if a website goes directly to
httpd or for high traffic pages over the reverse-proxy which in this case would
do TLS-offloading and sim,ilar decisions can happen within the application - or
better said it should be posible to do so

<IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{CONN_REMOTE_ADDR} !^192\.168\.196\.2
 RewriteCond %{HTTPS} off
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 61896] CONN_REMOTE_ADDR not exposed to php scripts

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=61896

Reindl Harald <h....@thelounge.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|2.5-HEAD                    |2.4.29

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org