[users@httpd] mod_rewrite: Overwriting REMOTE_ADDR with HTTP_X_FORWARDED_FOR

[Werner Schalk <we...@gmx.de>]

Hi,

I would like to use mod_rewrite to overwrite the environment variable 
REMOTE_ADDR with the value of HTTP_X_FORWARDED_FOR because I am using Apache 
2 in a reverse / forward proxy scenario where the original IP address of the 
client is not passed on to the internal Apache server:

Inet -> Server (public IP, Apache 2) -> Internal Server (same system, virtual 
server using Linux vserver - private IP address, Apache 2)

I have posted this several weeks ago but all the solutions did not work for 
me. So I tried this mod_rewrite rule:

RewriteEngine On
RewriteRule ^(.*) [env=REMOTE_ADDR:%{HTTP_X_FORWARDED_FOR}]

What's wrong with them? Whenever I activate them I get a "Bad request" 
response from my web server. 

Any input is greatly appreciated. Thanks a lot.

All the best & thanks,
Werner.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_rewrite: Overwriting REMOTE_ADDR with HTTP_X_FORWARDED_FOR

[Joshua Slive <js...@gmail.com>]

On 6/24/05, Werner Schalk <we...@gmx.de> wrote:
> Hi Joshua,
> 
> thanks for your help. In your last email you agreed upon the suggestions David
> Adams had (e.g. using sed a an output filter). I have tried this and it does
> not work.

Now I understand your confusion.  His suggestion was to perform this
sed on the source code of the scripts, not on their output.  In other
words, he is telling you to edit your scripts to reference the correct
variable.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_rewrite: Overwriting REMOTE_ADDR with HTTP_X_FORWARDED_FOR

[Werner Schalk <we...@gmx.de>]

Hi Joshua,

thanks for your help. In your last email you agreed upon the suggestions David 
Adams had (e.g. using sed a an output filter). I have tried this and it does 
not work.

Thanks anyway.

All the best & bye,
Werner.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_rewrite: Overwriting REMOTE_ADDR with HTTP_X_FORWARDED_FOR

[Joshua Slive <js...@gmail.com>]

On 6/24/05, Werner Schalk <we...@gmx.de> wrote:
> Hi,
> 
> well apologies for bringing this issue up again but none of the suggested
> solutions actually does work.

I'm not sure how many ways I can say this: There is no way to do what
you want with the included apache modules, and I don't know of any
third party modules that do it either.

You need to either write a custom apache module, hack the existing
code, or program around it in your CGI/php scripts.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_rewrite: Overwriting REMOTE_ADDR with HTTP_X_FORWARDED_FOR (follow-up)

[Werner Schalk <we...@gmx.de>]

Hi,

just a quick follow-up:

Thanks to Thomas Eibner, it got it working:

> I believe this module does it already:
> http://stderr.net/apache/rpaf/

Yeah!

All the best and thanks again,
Werner.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_rewrite: Overwriting REMOTE_ADDR with HTTP_X_FORWARDED_FOR

[Scott Gifford <sg...@suspectclass.com>]

Werner Schalk <we...@gmx.de> writes:

> Hi,
>
> well of course I could use HTTP_X_FORWARDED_FOR instead of REMOTE_ADDR in all 
> my scripts but the problem is that I have some customers and their scripts 
> are relying on REMOTE_ADDR so I don't want to ask them to change their 
> scripts...

Ah.  Is everything you're concerned about written in PHP?  If so,
perhaps PHP has some mechanism for running a bit of code before each
PHP file is loaded; I believe this is possible with mod_perl, for
example.  Maybe the PHP folks would have some useful ideas.

Otherwise it sounds like you're stuck writing a small Apache module,
or hiring somebody to write one for you.  Sounds like a hassle, but at
least a moderately interesting hassle.  :)

----ScottG.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_rewrite: Overwriting REMOTE_ADDR with HTTP_X_FORWARDED_FOR

[Werner Schalk <we...@gmx.de>]

Hi,

well of course I could use HTTP_X_FORWARDED_FOR instead of REMOTE_ADDR in all 
my scripts but the problem is that I have some customers and their scripts 
are relying on REMOTE_ADDR so I don't want to ask them to change their 
scripts...

Thanks.

Bye,
Werner

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_rewrite: Overwriting REMOTE_ADDR with HTTP_X_FORWARDED_FOR

[Scott Gifford <sg...@suspectclass.com>]

Werner Schalk <we...@gmx.de> writes:

> Hi,
>
> well apologies for bringing this issue up again but none of the suggested 
> solutions actually does work. I tried the following output filter:

Why do you need to solve it exactly this way?  Can't you instruct your
code or your Apache to simply consult HTTP_X_FORWARDED_FOR instead of
or in addition to REMOTE_ADDR?

It looks like your application is in PHP.  Can't you simply set the
environment variables how you want them when your code starts running,
perhaps using a library if you need to do it many places?

----ScottG.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_rewrite: Overwriting REMOTE_ADDR with HTTP_X_FORWARDED_FOR

[Werner Schalk <we...@gmx.de>]

Hi,

well apologies for bringing this issue up again but none of the suggested 
solutions actually does work. I tried the following output filter:

ExtFilterDefine proxy_hack mode=output intype=text/html outtype=text/html 
cmd="/bin/sed 's/HTTP_X_FORWARDED_FOR/REMOTE_ADDR/g'"

Enabling this output filter in the appropriate vhost leads phpinfo to 
displaying the variable REMOTE_ADDR twice and containing both the private (IP 
of the internal Apache server) as well as the public IP address (which was 
forwarded by the proxy server). I wasn't sure about the order of 
HTTP_X_FORWARDED_FOR and REMOTE_ADDR so I tried this as well:

ExtFilterDefine proxy_hack mode=output intype=text/html outtype=text/html 
cmd="/bin/sed 's/REMOTE_ADDR/HTTP_X_FORWARDED_FOR/g'"

This will remove REMOTE_ADDR completely. I also tried to use mod_headers but 
that did not work at all:

Header unset REMOTE_ADDR
Header set REMOTE_ADDR %{HTTP_X_FORWARDED_FOR}e

That doesn't change REMOTE_ADDR at all like.

So I still don't have a solution. Any input is still greatly 
appreciated...Thanks for your helo guys!

Thanks and bye,
Werner

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_rewrite: Overwriting REMOTE_ADDR with HTTP_X_FORWARDED_FOR

[Joshua Slive <js...@gmail.com>]

On 6/24/05, Werner Schalk <we...@gmx.de> wrote:
> Hi,
> 
> I would like to use mod_rewrite to overwrite the environment variable
> REMOTE_ADDR with the value of HTTP_X_FORWARDED_FOR because I am using Apache
> 2 in a reverse / forward proxy scenario where the original IP address of the
> client is not passed on to the internal Apache server:

> I have posted this several weeks ago but all the solutions did not work for
> me. So I tried this mod_rewrite rule:

I already explained to you that you can't do this:
http://mail-archives.apache.org/mod_mbox/httpd-users/200506.mbox/%3ce498c166050615070734caf364@mail.gmail.com%3e
Is there some part of that you didn't understand?

> 
> RewriteEngine On
> RewriteRule ^(.*) [env=REMOTE_ADDR:%{HTTP_X_FORWARDED_FOR}]

This is broken because it is trying to rewrite to the URL "[env...". 
You need a dash after the patter to indicate that no rewriting will
occur.  But as I've already told you, it won't work anyway.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org