> * Jeff Bisbee ([EMAIL PROTECTED]) wrote: > > # set actual ip of host doing the requesting instead of the > proxy > > my ($actual_remote_ip) = split /,/, > $r->header_in('X-Forwarded-For'); > > $r->connection->remote_ip($actual_remote_ip) if > $actual_remote_ip; > > > > I just wanted to make sure there would be any conditions that the > above > > code wouldn't handle. > > I guess I just want some quick feedback to make sure I'm going > about > replacing the IP the right way and there isn't a better way to do > it.
See http://perl.apache.org/docs/1.0/guide/scenario.html#Usage for a better example. The problem with this snippet is that now anyone can send their own X-Forwarded-For header and forge the source IP address. Better check that the request is actually coming from your reverse proxy. I'll paste it here from the link (but yahoo mail will probably mangle it somehow): use Apache::Constants (); sub My::ProxyRemoteAddr ($) { my $r = shift; # we'll only look at the X-Forwarded-For header if the requests # comes from our proxy at localhost return Apache::Constants::OK unless ($r->connection->remote_ip eq "127.0.0.1") and $r->header_in('X-Forwarded-For'); # Select last value in the chain -- original client's ip if (my ($ip) = $r->headers_in->{'X-Forwarded-For'} =~ /([^,\s]+)$/) { $r->connection->remote_ip($ip); } return Apache::Constants::OK; } __________________________________ Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard. http://promotions.yahoo.com/new_mail