On 18 Nov 2011, at 4:23 PM, Graham Leggett wrote:
The lines I was thinking along was that effective_ip was in addition to the remote_ip, rather than instead of. The log format wouldn't change, there would be a new value that would represent the effective IP, in addition to the existing value that represented the real IP.Existing modules can continue using conn_rec->remote_ip and it will still work the same as before.
Far easier to express this as a patch:- There is an explicit idea of a "real" ip address (belonging to the load balancer) and an "effective" IP address (upstream IP address) at the same time, no overloading of one for the other or mixing them up. - By default, the effective IP is made equal to the real IP, until the admin adds a module to change this.
- Adds a hook called ap_effective_ip();- Addition of an EFFECTIVE_ADDR environment variable in addition to REMOTE_ADDR, which remains unchanged; - Addition of appropriate logging variables, leaving the current ones unchanged; - Addition of "require effective-ip" in addition to the existing unchanged "require ip".
- Needs testing and documentation, but you get the idea. Regards, Graham --
httpd-effective_ip.patch
Description: Binary data
