Hi Eddie, It works for me because I'm not replacing the original address. As I have my own authentication routines, I check the X-FORWARDED-FOR header when it is available, else the usual one. So I never tried to do what you are trying to do, hence I can't help you much, I'm sorry about that. On the other hand, you might try to get in touch with the author of the module, Ask Bjoern Hansen([EMAIL PROTECTED]). He was the one who kindly pointed me to the URL I gave you and he was quite helpful. But if you are trying to do what I think, you might have run out of luck. If you change the original IP inside Apache with mod_perl, or any other module, this doesn't mean that the Orion server will use it when creating the request object. Orion has its own way of constructing the request and it probably uses the IP of the originating call to it, the proxy in this case. To be able to change the way the request is constructed, you should have access to the orion source, as somebody else pointed out, or you might ask the Ironflare guys to add this feature. From the Java point of view, somebody has to read the X-FORWARDED-FOR header IN THE ORION SIDE and take into account, because from the Apache side, you cannot influence the way the Java requests are built on the orion side. If you could modify the request somehow, this would be a nice job for a JSDK2.3 filter. Good luck, D. Eddie wrote: > > Daniel, > > Thanks for you solution....it almost works... ;) > > I installed the module and indeed I do get the X-FORWARDED-FOR name as > header with the client's ip address. > --- > HEADER NAME: X-FORWARDED-FOR > HEADER value: 10.0.0.62 > ---- > > I only have problem using a perl handler to replace the ip address that java > reads (in the header) with the above header (Until now I only did simple > things with mod_perl). > > I tried it like the example in the source code of the mod_proxy_add_forward > suggested: including a subroutine in the startup.pl script and calling it > with an PerlPostReadRequestHandler.. > Hoewer this doesn't work. I tried some other stuff but... no luck.. > Can you tell me who you did this ?? what did you put in you httpd.conf ?, > what script did you use ? and where did you put it ? > > Thanks, > Eddie > > ----- Original Message ----- > From: Daniel López <[EMAIL PROTECTED]> > To: Orion-Interest <[EMAIL PROTECTED]> > Sent: Wednesday, June 06, 2001 7:49 AM > Subject: Re: getRemoteAddr() - APACHE as proxy !! > > > Well, > > > > I have some partially good news: There is a way around that using > > Apache. I'm also using it as a proxy, to concentrate all the services on > > the standard HTTP port while keeping different Orion instances running, > > and as some of our security requirements take into account the IP from > > the client, so I run onto the same problem. I queried the mod_proxy > > list and I got a patch that includes, as an extra HTTP header, the > > client original IP. This solves the problem for our own custom > > authentication, as we check first if this header is available or not, if > > it is, then we check the IP agains this value. > > The problem here would be if you use some authentication mechanism that > > you cannot modify so it checks for this extra header. > > Here it is, the URL I was given and from where you can download the > > patch: http://develooper.com/code/mpaf/ > > I hope this helps, > > D. > > > > > > elephantwalker wrote: > > > > > > Andre, > > > > > > Sorry, but the loadbalancer.jar has the same problem. For example, the > > > access logs for the various orion servers only report the ip of the > > > loadbalancer...not very interesting. > > > > > > Regards, > > > > > > the elephantwalker > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Andre Vanha > > > Sent: Tuesday, June 05, 2001 12:55 PM > > > To: Orion-Interest > > > Subject: RE: getRemoteAddr() - APACHE as proxy !! > > > > > > I've run into the same problem. I don't think there is any way around > this, > > > since the Apache module is a simple proxy. > > > It would be necessary to improve the Apache plugin to send some extra > > > headers, and then have orion interpret them. > > > However without an open API through which to construct the HTTP requests > > > coming into orion, you would have to interpret these headers in your own > > > code. > > > > > > One possible avanue is Orion's load balancer. I haven't had a chance to > > > test it, but does it suffer from the same problem? > > > It may already have an API that allows it to pass through the original > IP > > > address (and other info) to the actual server, which could be emulated > by a > > > web server plugin. > > > > > > Andre > > > > > > -----Original Message----- > > > From: Eddie [mailto:[EMAIL PROTECTED]] > > > Sent: Tuesday, June 05, 2001 10:30 AM > > > To: Orion-Interest > > > Subject: Re: getRemoteAddr() - APACHE as proxy !! > > > > > > OK, > > > In the meantime I found out what is wrong: > > > I am using apache as a proxy server, and therefore I do get the IP > address > > > of the server. > > > How can I overcome this ?? Such that getRemoteAddr() does return the > > > client's IP address in my servlets. > > > > > > Eddie > > > > > > ----- Original Message ----- > > > From: Eddie <mailto:[EMAIL PROTECTED]> > > > To: Orion-Interest <mailto:[EMAIL PROTECTED]> > > > Sent: Tuesday, June 05, 2001 2:12 PM > > > Subject: getRemoteAddr() > > > > > > Hellu there, > > > > > > If I use getRemoteAddr() to get the IP address of the client the makes > the > > > servlet requests it return the IP address of the server ?? (also > > > getRemoteHost() returns the server name). > > > > > > Any idea how come ?? > > > I am running jdk 1.3 and the servlets run on the application server > Orion > > > 1.5.1 > > > (OS: Linux redhat 7.0) > > > > > > (I can remember that a JSP on JSERv on apache didn't had this problem, > so I > > > quess it's Orion .. not ??) > > > > > > Eddie > > > > -- ------------------------------------------- Daniel Lopez Janariz ([EMAIL PROTECTED]) Web Services Computer Center Balearic Islands University -------------------------------------------
