You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/10/20 15:35:12 UTC
DO NOT REPLY [Bug 23938] New: -
CGI environment variable REMOTE_ADDR not always that of client
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23938>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23938
CGI environment variable REMOTE_ADDR not always that of client
Summary: CGI environment variable REMOTE_ADDR not always that of
client
Product: Apache httpd-2.0
Version: 2.0.47
Platform: Sun
URL: http://www.mco.edu/cgi-bin/test.cgi
OS/Version: Solaris
Status: NEW
Severity: Critical
Priority: Other
Component: mod_cgi
AssignedTo: bugs@httpd.apache.org
ReportedBy: haas@mco.edu
Either on the first try or after a couple reloads of my test.cgi script
the REMOTE_ADDR environment variable given is that of another client currently
accessing the Web site. Thus Web applications doing IP address checks can
fail. Currently the application we have failing is WebEvent (a Web based
calendar) which resets a user logged in in admin/update mode back to guest
mode because it checks incoming IP address against that of the one used on the
initial log in.
If a different URL is used like the host machine name of
http://topgun.mco.edu/cgi-bin/test.cgi the problem is not seen .. unless of
course another client comes in that way ..
Apache 2.047 , prefork, compiled with GCC 3.2, Solaris 9, Sparc
openssl, openldap on system
mod_auth_external and mod_webapp modules are only extra modules
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org