On Thu, 21 Oct 2004, Haroon Rafique wrote: [ ... ] > I wanted to discuss making remote_ip settable (sorry no sub-test here - > don't know how to write one). > > I am currently using read/write remote_ip (pre 1.99_15) in production > right now. Making it readonly breaks the following functionality. > > If you search the modperl users' mailing list for the following search > terms: > > x-forwarded-for remote_ip > > here's a link to the search: > http://marc.theaimsgroup.com/?l=apache-modperl&w=2&r=1&s=x-forwarded-for+remote_ip&q=b > > The most requested use for being able to set remote_ip is due to the very > popular reverse proxy setup for typical mod_perl installations. Light > apache in the front-end, heavy mod_perl apache in the back-end. > > The front end has the following reverse proxy directives: > > ProxyPass /perl/ http://localhost:8103/perl/ > ProxyPassReverse /perl/ http://localhost:8103/perl/ > > Due to the reverse proxy setup, the original client IP is lost and all IP > addresses are reported as 127.0.0.1 (front-end). Since mod_proxy > conveniently adds a X-Forwarded-For header to the proxied requests > automatically, you can indeed grab the last value in that header and then > use it to "set" remote_ip to the client's IP so that the back-end receives > the client's IP.
There's a discussion on perlmonks about this: http://www.perlmonks.org/?node_id=390160 with reference to http://www.openinfo.co.uk/apache/ With due care to determining trusted proxies, it shows that in the header X-Forwarded-For: client1, proxy1, proxy2 the client's IP address is the left-most entry in this list. -- best regards, randy -- Report problems: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html
