I've been banging my head against a wall about a particular issue, but I'm at something of a loss.
I've got a reverse proxy setup in front of apache (2.2.10 with mp 2.0.4) and setting $r->connection->remote_ip based on a header I add on the reverse proxy. All that is working ok. The bit that I'm perplexed about is that when I call $r->connection->remote_ip( $new_ip ), the corresponding ip in $r->connection->remote_addr (i.e. what's returned by "APR::SockAddr::ip_get") is still set to the original IP. I've verified on my existing Apache1 boxes that when I call $r->connection->remote_ip( $new_ip ), the remote_addr structure is getting set. I've been doing this reverse proxying with apache1 for quite a while and haven't seen this come up ever. Here's a line of code and the resulting error_log excerpt from apache2 where the remote IP that I'm setting is 1.1.1.1 but the real address of the reverse proxy is 192.168.1.33: $r->log_error( "[$$] [postread] remote_ip is now " . $r->connection->remote_ip() . ", socket: " . $r->connection->remote_addr->ip_get ); [Thu Dec 18 12:16:10 2008] [error] [6938] [postread] remote_ip is now 1.1.1.1, socket: 192.168.1.33 Here's the same from apache1 with all the extra stuff to deal with the packed sockaddr: my $remote_addr = $r->connection->remote_addr; my ( $remote_addr_port, $remote_addr_ip ) = sockaddr_in( $remote_addr ); $remote_addr_ip = inet_ntoa( $remote_addr_ip ); $r->log_error( "[$$] [postread] remote_ip is now " . $r->connection->remote_ip() . ", socket: $remote_addr_ip" ); [Thu Dec 18 13:14:50 2008] [error] [7179] [postread] remote_ip is now 1.1.1.1, socket: 1.1.1.1 The significance is that if you do IP-based allow/deny in your apache conf and/or .htaccess via mod_authz_host, it seems to be using the remote_addr structure, so if I set, e.g., "Deny from 1.1.1.1" on apache2, it doesn't actually deny it but setting it to "Deny from 192.168.1.33" or "Deny from 192.168." denies it. On apache1, it's correctly denying based on the address I'm setting with $r->connection->remote_ip( $new_ip ). I've also verified that the same thing happens on a stock Debian Etch apache2+mp (2.2.8 + mp 2.0.3), so it's not limited to apache 2.2.10 or mp 2.0.4. Am I doing something very wrong? I don't see that the Apache2::Connection API has changed with regards to remote_ip() and this same setup worked just fine in apache1. How are other people doing this with apache2/mp2?
