Hi there

I have the same setup. Just put in a rewrite rule to add the client IP into the query string:

RewriteEngine On
RewriteRule ^/perl/(.*)$ http://localhost:8103/perl/$1?_client_ip=%{REMOTE_ADDR} [P,QSA]


Works like a charm. Then in your mod_perl stuff, you can grab the value of _client_ip from the query string using whichever way you like.

Cheers

Kyle Dawkins
Central Park Software

On Thursday, Sep 25, 2003, at 13:15 US/Pacific, Haroon Rafique wrote:

Hi,

I have a slightly off topic inquiry. I've googled/RTFMed. I run mod_perl
in a reverse proxy setup. Light apache in the front-end, heavy mod_perl
apache in the back-end both running on the same machine.


The front end has the following reverse proxy directives:

ProxyPass        /perl/ http://localhost:8103/perl/
ProxyPassReverse /perl/ http://localhost:8103/perl/

Due to the reverse proxy setup, the original client IP is lost and every IP
is reported as 127.0.0.1 (front-end). To extract the client's original IP
I was happy to learn that mod_proxy conveniently adds an X-Forwarded-For
header to the proxied requests automatically. On the back-end, I use:


PerlPostReadRequestHandler My::ProxyRemoteAddr

where My::ProxyRemoteAddr has code identical to
http://perl.apache.org/docs/1.0/guide/scenario.html#Usage
except for some minor mp2 migrations.

sub My::ProxyRemoteAddr ($) {
    my $r = shift;

    # we'll only look at the X-Forwarded-For header if the request
    # comes from our proxy at localhost
    return Apache::OK
        unless
        ($r->connection->remote_ip =~
         m#^(127\.0\.0\.1|localhost\.localdomain)$#)
         and $r->header_in('X-Forwarded-For');

    # Select last value in the chain -- original client's ip
    if( my( $ip ) = $r->headers_in->{'X-Forwarded-For'} =~ /([^,\s]+)$/ )
    {
        $r->connection->remote_ip($ip);
        $r->log_error("Recorded client IP from X-Forwarded-For header: ",
                      $r->headers_in->{'X-Forwarded-For'},
                      " as IP: ", $ip);
    }

    return Apache::OK;
}

Everything is hunky dory. The back-end access_log has the client's IP
address and the application sees the correct address as well.

Here's the twist:

To secure the back-end, direct access to the back-end is
prohibited. The back-end config has the following directive to only allow
proxied requests to come through:


<Location />
  order deny,allow
  deny from all
  allow from localhost 127.0.0.1
</Location>

If I keep this directive in the back-end config, the client's original IP
never makes it to the access_log. The application does however get the
correct IP address.


apache 2.0.47
mod_perl 1.99_09
perl 5.8.0

Anyone else experienced the same? Needless to say, I would like to keep
the site secure, as well as maintain the client's original IP in the
logs.

On second thought, this looks more and more like an apache issue.
--
Haroon Rafique
<[EMAIL PROTECTED]>
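
A back-end check for the _client_ip query-string approach from the reply above, as an added example that is not part of the original thread. The helper name client_ip_from_args and the sample requests are assumptions made for illustration; it assumes the front end is the only proxy, connects from 127.0.0.1, and passes IPv4 addresses.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from the thread): return the client IP that the
# front-end RewriteRule wrote into the query string, or undef when the
# value cannot be trusted.
#   $peer - address of the TCP peer as seen by the back end
#   $args - raw query string as received by the back end
sub client_ip_from_args {
    my ($peer, $args) = @_;

    # Only the local front end may assert a client address.
    return undef unless defined $peer && $peer eq '127.0.0.1';

    # With [QSA] the rule's own query string comes first and the client's
    # original query string is appended after it, so _client_ip may occur
    # more than once. Trust only the very first pair, the one the rule wrote.
    my ($first) = split /[&;]/, (defined $args ? $args : '');
    return undef unless defined $first;
    my ($key, $ip) = split /=/, $first, 2;
    return undef unless defined $key && $key eq '_client_ip' && defined $ip;

    # Accept only a dotted-quad IPv4 literal, so nothing else can reach
    # the logs or the application through this parameter.
    return undef
        unless $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    return undef if grep { $_ > 255 } $1, $2, $3, $4;
    return $ip;
}

# Constructed sample requests: [peer address, query string]
my @samples = (
    ['127.0.0.1',    '_client_ip=203.0.113.7&id=42'],
    ['127.0.0.1',    '_client_ip=203.0.113.7&id=42&_client_ip=10.0.0.1'],
    ['127.0.0.1',    'id=42&_client_ip=10.0.0.1'],
    ['198.51.100.9', '_client_ip=10.0.0.1'],
    ['127.0.0.1',    '_client_ip=999.1.1.1'],
);
for my $s (@samples) {
    my $ip = client_ip_from_args(@$s);
    printf "%-13s %-50s => %s\n", @$s, defined $ip ? $ip : '(not trusted)';
}
```

In a handler the two arguments would come from the connection's remote address and the request's raw query string; a generic query-string parser that returns the last duplicate value would pick the client-supplied one instead of the rule's.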



