Posted to users@httpd.apache.org by Michael Nielsen <mi...@cedargate.com> on 2019/09/04 18:40:20 UTC

[users@httpd] X-Forwarded-For and If directive

I am certain I'm missing something important about the <If> directive and the -ipmatch operator when used in conjunction with %{HTTP:X-Forwarded-For}.
Please permit me to illustrate the problem by way of example:
<If "%{HTTP:X-Forwarded-For} -ipmatch '10.0.0.0/8'">
    LogMessage "Got IP match [%{HTTP:X-Forwarded-For}]"
</If>
<Else>
    LogMessage "No IP match [%{HTTP:X-Forwarded-For}]"
</Else>
produces the following log output:
[Wed Sep 04 17:57:03.611095 2019] [log_debug:info] [pid 11134] [client 10.128.10.9:53515] No IP match [10.128.10.9]
Clearly X-Forwarded-For has the value '10.128.10.9', which is certainly within the 10.0.0.0/8 CIDR.
So I say to myself "Well, maybe -ipmatch doesn't really like a CIDR, despite what the documentation appears to say".
<If "%{HTTP:X-Forwarded-For} -ipmatch '10.128.10.9'">
    LogMessage "Got explicit IP match [%{HTTP:X-Forwarded-For}]"
</If>
<Else>
    LogMessage "No explicit IP match [%{HTTP:X-Forwarded-For}]"
</Else>
This produces the log message:
[Wed Sep 04 17:57:03.611108 2019] [log_debug:info] [pid 11134] [client 10.128.10.9:53515] No explicit IP match [10.128.10.9]
So with X-Forwarded-For clearly containing the value 10.128.10.9, I cannot match 10.0.0.0/8 or 10.128.10.9 with -ipmatch.
Maybe -ipmatch doesn't work?
<If "'10.128.10.9' -ipmatch '10.0.0.0/8'">
    LogMessage "Got dummy IP match"
</If>
<Else>
    LogMessage "Failed dummy IP match"
</Else>
produces the following log message:
[Wed Sep 04 17:57:03.611112 2019] [log_debug:info] [pid 11134] [client 10.128.10.9:53515] Got dummy IP match

So it appears there's something pathological about %{HTTP:X-Forwarded-For}, but I can't help but observe that it prints as I expect it to in the LogMessage output.
Here's another example:
<If "%{HTTP:X-Forwarded-For} == '10.128.10.9' ">
  LogMessage "Got string IP match [%{HTTP:X-Forwarded-For}]"
</If>
<Else>
  LogMessage "Got no string IP match %{HTTP:X-Forwarded-For}"
</Else>
yields
[Wed Sep 04 17:57:03.611117 2019] [log_debug:info] [pid 11134] [client 10.128.10.9:53515] Got no string IP match 10.128.10.9
I'm convinced there's something subtle I'm overlooking, and would be very grateful for any suggestions.
Would some kind soul come to my rescue?
Thanks!

