No.Here both PHP and CGI scripts can get the X_FORWARDED_FOR ip,but
modperl can't.Is the %ENV hash not useful under modperl?
mod_perl is not CGI.
With mod_perl your perl interpreter is part of the apache process itself. So
making apache set up the environment is a waste of time, you can just access
*anything* you want within apache internally.
You shouldn't use X-Forwarded-For for this purpose:
1) You can't trust the header! Anybody could make requests from your system
and set a bogus X-Forwarded-For header and therefore feed fake IPs into your
system. You have a major security problem is you rely on this for any access
control, and any auditing process will have fake information.
2) Multiple clients may use the same internal IP ranges. So you'll get
addresses 192.168.0.173 from clients on both Client A's network and on
Client B's network.
All you can do is use the public IP you are receiving, and leave it to your
clients to figure out which internal user it was from their own internal
proxy logs.
The only time it would be safe to use X-Forwarded-For would be when there
*always* is a proxy server that you control (for example a reverse proxy).
Carl
