Re: Changing REMOTE_ADDR passing to a request.
On Sun, Nov 12, 2000 at 09:09:49PM +0800, Alson Wong wrote:
>
> The $ENV{'REMOTE_ADDR'}of server B still return the real ip address of
> server A.
Check out the link I sent to The Guide (tm), there's a Perl snippet
to recover the IP and do the ->remote_ip() call:
> From: barries <[EMAIL PROTECTED]>
> >
> > To catch the header on the backend, you can have a look at the
> > Guide:
> >
> >
> http://thingy.kcilink.com/modperlguide/scenario/Getting_the_Remote_Server_IP_in_.html
- Barrie
Re: Changing REMOTE_ADDR passing to a request.
Hello ,
If I understand well what you want , you want to spoof the real IP adress of
server A to make server B think that he is speaking to A' .
Lets see the apache.pm pod :
=item $c->remote_ip
The dotted decimal representation of the remote client's IP address.
This is set by the server when the connection record is created so
is always defined.
You can also set this value by providing an argument to it. This is
helpful if your server is behind a squid accelerator proxy which adds
a X-Forwarded-For header.
1)How this make you think that adding the X-Forwarded-For header will
change the value of $c->remote_ip ?
and this :
=item $c->remote_addr
A packed SOCKADDR_IN in the same format as returned by
L, containing the port and address on the
remote host that the server is connected to. This is set by the
server when the connection record is created so it is always defined.
2) This mean that if the server B use $c->remote_addr method he will
get the real ip that he is connected to , so no way to spoof it .
(and if I understand well this method is used by apache to set $ENV)
3) In my way the only way to change the value of $c->remote_addr
is to create an proxy server between :
B<-->PROXY<>A
and remove X-Forwarded-For at the proxy , so B will never know that he is
speaking
to A.
Good luck !
Best
CB
- Original Message -
From: "Alson Wong" <[EMAIL PROTECTED]>
To: "barries" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, November 12, 2000 2:09 PM
Subject: Re: Changing REMOTE_ADDR passing to a request.
> hi,
> I have not use mod_proxy_add_forward before. I have download the source
code
> and have a look at it.
> It seems like just passing "X-Forwarded-For" in a header of a request. I
> think
> this is same as my code here:
>
> use LWP::UserAgent;
> $ua = new LWP::UserAgent;
> my $reqq =
> HTTP::Request->new('GET','http://www.serverB.com/cgi-bin/ip.cgi');
> $reqq->header('X-Forwarded-For'=>'1.2.3.4');
> $reqq->header('Remote_Addr'=>'1.2.3.4'); # this line won't work.
> my $ress = $ua->request($reqq);
> print $ress->as_string;
>
> The $ENV{'REMOTE_ADDR'}of server B still return the real ip address of
> server A.
> So, how do I change the $ENV{'REMOTE_ADDR'}of server B to 1.2.3.4 without
> changing anything at server B ?
>
> If I am wrong with the mod_proxy_add_forward, please point it out. Because
I
> have no idea how to implement the mod_proxy_add_forward in to mod_proxy of
> Apache.
>
> And no idea how to use it too. If you got some clue, please tell me how to
> start using that module, if it really works.
>
> Thanks.
>
> [EMAIL PROTECTED]
>
>
>
>
> - Original Message -
> From: barries <[EMAIL PROTECTED]>
> To: Alson Wong <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Sunday, November 12, 2000 11:34 AM
> Subject: Re: Changing REMOTE_ADDR passing to a request.
>
>
> > On Sun, Nov 12, 2000 at 11:07:59AM +0800, Alson Wong wrote:
> > >
> > > So, how do I pass/set the environment variable of REMOTE_ADDR from
> > > server A ? So that I can control the env of remote_addr at the server
> > > B ?
> >
> > Well, you could do it several ways. The "normal" way is to set a
> > header in the request that A sends to be, usually the same one that
> > various caching proxy servers do, namely X-Forwarded-For. You won't
> > be able to do that with LWP::Simple, have a look at the main LWP
> > page for details on how to make more sophisticated requests. I'm
> > assuming you've ruled out using Apache's mod_proxy, and therefore that
> > you won't be wanting to use mod_proxy_add_forward.
> >
> > Then, in the B server, you can peel it out of the Apache request
> > object manually as part of your script, or you can do it in an earlier
> > handler phase and make a $r->remote_ip() call like the one you were
> > making in the A server.
> >
> > To catch the header on the backend, you can have a look at the
> > Guide:
> >
> >
>
http://thingy.kcilink.com/modperlguide/scenario/Getting_the_Remote_Server_IP
> _in_.html
> >
> > > my $r = shift;
> > > $r->connection->remote_ip('1.2.3.4');
> > >
> > > it only works in server A, meaning,
> > > $ENV{'REMOTE_ADDR'} in Server A return 1.2.3.4, but $ENV
> > > {'REMOTE_ADDR'} in server B still return the Server A ip address.
> >
> > Right: nothing passes environment variables between the servers. You
> > need to establish your own channel (the header mentioned above) for
> > passing that value and tweak the B server to recover the value and
> > stuff it in the environment variable.
> >
> > HTH,
> >
> > Barrie
> >
>
Re: Changing REMOTE_ADDR passing to a request.
hi,
I have not use mod_proxy_add_forward before. I have download the source code
and have a look at it.
It seems like just passing "X-Forwarded-For" in a header of a request. I
think
this is same as my code here:
use LWP::UserAgent;
$ua = new LWP::UserAgent;
my $reqq =
HTTP::Request->new('GET','http://www.serverB.com/cgi-bin/ip.cgi');
$reqq->header('X-Forwarded-For'=>'1.2.3.4');
$reqq->header('Remote_Addr'=>'1.2.3.4'); # this line won't work.
my $ress = $ua->request($reqq);
print $ress->as_string;
The $ENV{'REMOTE_ADDR'}of server B still return the real ip address of
server A.
So, how do I change the $ENV{'REMOTE_ADDR'}of server B to 1.2.3.4 without
changing anything at server B ?
If I am wrong with the mod_proxy_add_forward, please point it out. Because I
have no idea how to implement the mod_proxy_add_forward in to mod_proxy of
Apache.
And no idea how to use it too. If you got some clue, please tell me how to
start using that module, if it really works.
Thanks.
[EMAIL PROTECTED]
- Original Message -
From: barries <[EMAIL PROTECTED]>
To: Alson Wong <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, November 12, 2000 11:34 AM
Subject: Re: Changing REMOTE_ADDR passing to a request.
> On Sun, Nov 12, 2000 at 11:07:59AM +0800, Alson Wong wrote:
> >
> > So, how do I pass/set the environment variable of REMOTE_ADDR from
> > server A ? So that I can control the env of remote_addr at the server
> > B ?
>
> Well, you could do it several ways. The "normal" way is to set a
> header in the request that A sends to be, usually the same one that
> various caching proxy servers do, namely X-Forwarded-For. You won't
> be able to do that with LWP::Simple, have a look at the main LWP
> page for details on how to make more sophisticated requests. I'm
> assuming you've ruled out using Apache's mod_proxy, and therefore that
> you won't be wanting to use mod_proxy_add_forward.
>
> Then, in the B server, you can peel it out of the Apache request
> object manually as part of your script, or you can do it in an earlier
> handler phase and make a $r->remote_ip() call like the one you were
> making in the A server.
>
> To catch the header on the backend, you can have a look at the
> Guide:
>
>
http://thingy.kcilink.com/modperlguide/scenario/Getting_the_Remote_Server_IP
_in_.html
>
> > my $r = shift;
> > $r->connection->remote_ip('1.2.3.4');
> >
> > it only works in server A, meaning,
> > $ENV{'REMOTE_ADDR'} in Server A return 1.2.3.4, but $ENV
> > {'REMOTE_ADDR'} in server B still return the Server A ip address.
>
> Right: nothing passes environment variables between the servers. You
> need to establish your own channel (the header mentioned above) for
> passing that value and tweak the B server to recover the value and
> stuff it in the environment variable.
>
> HTH,
>
> Barrie
>
Re: Changing REMOTE_ADDR passing to a request.
On Sun, Nov 12, 2000 at 11:07:59AM +0800, Alson Wong wrote:
>
> So, how do I pass/set the environment variable of REMOTE_ADDR from
> server A ? So that I can control the env of remote_addr at the server
> B ?
Well, you could do it several ways. The "normal" way is to set a
header in the request that A sends to be, usually the same one that
various caching proxy servers do, namely X-Forwarded-For. You won't
be able to do that with LWP::Simple, have a look at the main LWP
page for details on how to make more sophisticated requests. I'm
assuming you've ruled out using Apache's mod_proxy, and therefore that
you won't be wanting to use mod_proxy_add_forward.
Then, in the B server, you can peel it out of the Apache request
object manually as part of your script, or you can do it in an earlier
handler phase and make a $r->remote_ip() call like the one you were
making in the A server.
To catch the header on the backend, you can have a look at the
Guide:
http://thingy.kcilink.com/modperlguide/scenario/Getting_the_Remote_Server_IP_in_.html
> my $r = shift;
> $r->connection->remote_ip('1.2.3.4');
>
> it only works in server A, meaning,
> $ENV{'REMOTE_ADDR'} in Server A return 1.2.3.4, but $ENV
> {'REMOTE_ADDR'} in server B still return the Server A ip address.
Right: nothing passes environment variables between the servers. You
need to establish your own channel (the header mentioned above) for
passing that value and tweak the B server to recover the value and
stuff it in the environment variable.
HTH,
Barrie
