On Wed, Feb 06, 2013 at 10:57:50AM -0500, John Bazik wrote: > I have an nginx proxy on a separate server passing requests to apache. > I am not using ipv6. Rpaf works, in as much as the logs show the original > client ip addresses. But when I try to use allow/deny directives from > an .htaccess file, referencing either domain names or ip addresses, they > are not honored. All proxied requests are treated as though they come > from the proxy host.
Sorry, I can't reproduce this mess. For me, it works. Either send more info (examples of your allow/deny directives, enabled apache modules) - or wait until someone would be able to reproduce this. An example, nginx.conf: -->8-- proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_pass_header Server; upstream backend { server 127.0.0.1:40080; } server { listen 80; location / { proxy_pass http://backend; } -->8-- rpaf.conf: <IfModule rpaf_module> RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 </IfModule> status.conf: <Location /server-status> <IfModule mod_rewrite.c> RewriteEngine off </IfModule> SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 # It works. I can disable this to disallow access: Allow from 111.222.333.444 Allow from 192.168.2.0/24 </Location> > Rpaf runs before access, so it seems like rpaf doesn't do whatever > is necessary for access to see the client ip. Or you do something wrong. I didn't see your configuration, I can't tell. > Googling around, there are lots of confusing discussions For example? > I saw, for instance, the discussion of the ipv6 bug report, > which makes it seem like this problem was fixed. This patch was dropped time ago (after Squeeze) by QA upload. Anyway, this issue was fixed in 0.5-3+squeeze1. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org