On Wed, Feb 06, 2013 at 10:57:50AM -0500, John Bazik wrote:
> I have an nginx proxy on a separate server passing requests to apache.
> I am not using ipv6. Rpaf works, in as much as the logs show the original
> client ip addresses. But when I try to use allow/deny directives from
> an .htaccess file, referencing either domain names or ip addresses, they
> are not honored. All proxied requests are treated as though they come
> from the proxy host.
Sorry, I can't reproduce this mess. For me, it works. Either send
more info (examples of your allow/deny directives, enabled apache
modules) - or wait until someone would be able to reproduce this.
An example, nginx.conf:
-->8--
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass_header Server;
upstream backend {
server 127.0.0.1:40080;
}
server {
listen 80;
location / {
proxy_pass http://backend;
}
-->8--
rpaf.conf:
<IfModule rpaf_module>
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1
</IfModule>
status.conf:
<Location /server-status>
<IfModule mod_rewrite.c>
RewriteEngine off
</IfModule>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1
# It works. I can disable this to disallow access:
Allow from 111.222.333.444
Allow from 192.168.2.0/24
</Location>
> Rpaf runs before access, so it seems like rpaf doesn't do whatever
> is necessary for access to see the client ip.
Or you do something wrong. I didn't see your configuration, I can't
tell.
> Googling around, there are lots of confusing discussions
For example?
> I saw, for instance, the discussion of the ipv6 bug report,
> which makes it seem like this problem was fixed.
This patch was dropped time ago (after Squeeze) by QA upload. Anyway,
this issue was fixed in 0.5-3+squeeze1.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
