Re: getRemoteAddr() - APACHE as proxy !! HMMMMM

2001-06-08 Thread Eddie

Thanks Daniel,

I understand your point, and will do it the same way you do.

Eddie.

- Original Message -
From: Daniel López <[EMAIL PROTECTED]>
To: Orion-Interest <[EMAIL PROTECTED]>
Sent: Friday, June 08, 2001 8:05 AM
Subject: Re: getRemoteAddr() - APACHE as proxy !! HM


> Hi Eddie,
>
> It works for me because I'm not replacing the original address. As I
> have my own authentication routines, I check the X-FORWARDED-FOR header
> when it is available, else the usual one. So I never tried to do what
> you are trying to do, hence I can't help you much, I'm sorry about that.
> On the other hand, you might try to get in touch with the author of the
> module, Ask Bjoern Hansen([EMAIL PROTECTED]). He was the one who kindly
> pointed me to the URL I gave you and he was quite helpful.
> But if you are trying to do what I think, you might have run out of
> luck. If you change the original IP inside Apache with mod_perl, or any
> other module, this doesn't mean that the Orion server will use it when
> creating the request object. Orion has its own way of constructing the
> request and it probably uses the IP of the originating call to it, the
> proxy in this case. To be able to change the way the request is
> constructed, you should have access to the orion source, as somebody
> else pointed out, or you might ask the Ironflare guys to add this
> feature. From the Java point of view, somebody has to read the
> X-FORWARDED-FOR header IN THE ORION SIDE and take it into account, because
> from the Apache side, you cannot influence the way the Java requests are
> built on the orion side. If you could modify the request somehow, this
> would be a nice job for a JSDK2.3 filter.
> Good luck,
> D.
>
> Eddie wrote:
> >
> > Daniel,
> >
> > Thanks for your solution... it almost works... ;)
> >
> > I installed the module and indeed I do get the X-FORWARDED-FOR name as
> > header with the client's ip address.
> > ---
> > HEADER NAME: X-FORWARDED-FOR
> > HEADER value: 10.0.0.62
> > 
> >
> > I only have a problem using a perl handler to replace the ip address that
> > java reads (in the header) with the above header (Until now I only did
> > simple things with mod_perl).
> >
> > I tried it like the example in the source code of the
> > mod_proxy_add_forward suggested: including a subroutine in the startup.pl
> > script and calling it with a PerlPostReadRequestHandler..
> > However this doesn't work. I tried some other stuff but... no luck..
> > Can you tell me how you did this ?? what did you put in your httpd.conf ?,
> > what script did you use ? and where did you put it ?
> >
> > Thanks,
> > Eddie
> >
> > - Original Message -
> > From: Daniel López <[EMAIL PROTECTED]>
> > To: Orion-Interest <[EMAIL PROTECTED]>
> > Sent: Wednesday, June 06, 2001 7:49 AM
> > Subject: Re: getRemoteAddr() - APACHE as proxy !!
> >
> > > Well,
> > >
> > > I have some partially good news: There is a way around that using
> > > Apache. I'm also using it as a proxy, to concentrate all the services
> > > on the standard HTTP port while keeping different Orion instances
> > > running, and as some of our security requirements take into account the
> > > IP from the client, I ran into the same problem. I queried the mod_proxy
> > > list and I got a patch that includes, as an extra HTTP header, the
> > > client original IP. This solves the problem for our own custom
> > > authentication, as we check first if this header is available or not,
> > > if it is, then we check the IP against this value.
> > > The problem here would be if you use some authentication mechanism
> > > that you cannot modify so it checks for this extra header.
> > > Here it is, the URL I was given and from where you can download the
> > > patch: http://develooper.com/code/mpaf/
> > > I hope this helps,
> > > D.
> > >
> > >
> > > elephantwalker wrote:
> > > >
> > > > Andre,
> > > >
> > > > Sorry, but the loadbalancer.jar has the same problem. For example,
> > > > the access logs for the various orion servers only report the ip of the
> > > > loadbalancer...not very interesting.
> > > >
> > > > Regards,
> > > >
> > > > the elephantwalker
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Andre Vanha
> > > > Sent: Tuesday

Re: getRemoteAddr() - APACHE as proxy !! HMMMMM

2001-06-08 Thread Daniel López

Hi Eddie,

It works for me because I'm not replacing the original address. As I
have my own authentication routines, I check the X-FORWARDED-FOR header
when it is available, else the usual one. So I never tried to do what
you are trying to do, hence I can't help you much, I'm sorry about that.
On the other hand, you might try to get in touch with the author of the
module, Ask Bjoern Hansen([EMAIL PROTECTED]). He was the one who kindly
pointed me to the URL I gave you and he was quite helpful.
But if you are trying to do what I think, you might have run out of
luck. If you change the original IP inside Apache with mod_perl, or any
other module, this doesn't mean that the Orion server will use it when
creating the request object. Orion has its own way of constructing the
request and it probably uses the IP of the originating call to it, the
proxy in this case. To be able to change the way the request is
constructed, you should have access to the orion source, as somebody
else pointed out, or you might ask the Ironflare guys to add this
feature. From the Java point of view, somebody has to read the
X-FORWARDED-FOR header IN THE ORION SIDE and take it into account, because
from the Apache side, you cannot influence the way the Java requests are
built on the orion side. If you could modify the request somehow, this
would be a nice job for a JSDK2.3 filter.
Good luck,
D.

Eddie wrote:
> 
> Daniel,
> 
> Thanks for your solution... it almost works... ;)
> 
> I installed the module and indeed I do get the X-FORWARDED-FOR name as
> header with the client's ip address.
> ---
> HEADER NAME: X-FORWARDED-FOR
> HEADER value: 10.0.0.62
> 
> 
> I only have a problem using a perl handler to replace the ip address that java
> reads (in the header) with the above header (Until now I only did simple
> things with mod_perl).
> 
> I tried it like the example in the source code of the mod_proxy_add_forward
> suggested: including a subroutine in the startup.pl script and calling it
> with a PerlPostReadRequestHandler..
> However this doesn't work. I tried some other stuff but... no luck..
> Can you tell me how you did this ?? what did you put in your httpd.conf ?,
> what script did you use ? and where did you put it ?
> 
> Thanks,
> Eddie
> 
> - Original Message -
> From: Daniel López <[EMAIL PROTECTED]>
> To: Orion-Interest <[EMAIL PROTECTED]>
> Sent: Wednesday, June 06, 2001 7:49 AM
> Subject: Re: getRemoteAddr() - APACHE as proxy !!
> 
> > Well,
> >
> > I have some partially good news: There is a way around that using
> > Apache. I'm also using it as a proxy, to concentrate all the services on
> > the standard HTTP port while keeping different Orion instances running,
> > and as some of our security requirements take into account the IP from
> > the client, I ran into the same problem. I queried the mod_proxy
> > list and I got a patch that includes, as an extra HTTP header, the
> > client original IP. This solves the problem for our own custom
> > authentication, as we check first if this header is available or not, if
> > it is, then we check the IP against this value.
> > The problem here would be if you use some authentication mechanism that
> > you cannot modify so it checks for this extra header.
> > Here it is, the URL I was given and from where you can download the
> > patch: http://develooper.com/code/mpaf/
> > I hope this helps,
> > D.
> >
> >
> > elephantwalker wrote:
> > >
> > > Andre,
> > >
> > > Sorry, but the loadbalancer.jar has the same problem. For example, the
> > > access logs for the various orion servers only report the ip of the
> > > loadbalancer...not very interesting.
> > >
> > > Regards,
> > >
> > > the elephantwalker
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]On Behalf Of Andre Vanha
> > > Sent: Tuesday, June 05, 2001 12:55 PM
> > > To: Orion-Interest
> > > Subject: RE: getRemoteAddr() - APACHE as proxy !!
> > >
> > > I've run into the same problem.  I don't think there is any way around
> > > this, since the Apache module is a simple proxy.
> > > It would be necessary to improve the Apache plugin to send some extra
> > > headers, and then have orion interpret them.
> > > However without an open API through which to construct the HTTP requests
> > > coming into orion, you would have to interpret these headers in your own
> > > code.
> > >
> > > One possible avenue is Orion's load balancer.  I haven't had a chance to
> > > test it, but does it suffer from the same problem?
> > > It may already have an API that allows it to pass through the original
> > > IP address (and other info) to the actual server, which could be
> > > emulated by a web server plugin.
> > >
> > > Andre
> > >
> > > -Original Message-
> > > From: Eddie [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, June 05, 2001 10:30 AM
> > > To: Orion-Interest
> > > Subject: Re: getRemoteAddr() - APACHE as proxy !!
> > >
> > > OK,
> > > In the meantime I found out w
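
Reading X-FORWARDED-FOR on the Orion side in a servlet filter, as suggested in the message above, shown as an added example that is not code from this thread, from Orion or from mod_proxy_add_forward. The header is honoured only when the TCP peer is the configured proxy, since any client can send its own X-Forwarded-For; the class name, the `trustedProxies` init-param, the use of the last comma-separated entry and the current `javax.servlet` API and Java syntax are assumptions.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: hypothetical filter, not part of Orion or mod_proxy_add_forward.
public class ForwardedAddrFilter implements Filter {
    private final Set<String> trustedProxies = new HashSet<String>();

    public void init(FilterConfig cfg) {
        // "trustedProxies" is an assumed init-param: comma-separated proxy IPs.
        String list = cfg.getInitParameter("trustedProxies");
        if (list != null)
            for (String ip : list.split(",")) trustedProxies.add(ip.trim());
    }

    // Returns the address to treat as the client. The header is believed only
    // when the TCP peer is a known proxy; otherwise anyone could claim any IP.
    static String resolveClient(String peer, String xff, Set<String> trusted) {
        if (xff == null || !trusted.contains(peer)) return peer;
        // Entries to the left may be client-supplied; the last one is assumed to
        // be the address the nearest proxy recorded for its own peer.
        String last = xff.substring(xff.lastIndexOf(',') + 1).trim();
        // Character-set check only: rejects empty or junk values, no DNS lookup.
        return last.matches("[0-9A-Fa-f:.]{2,45}") ? last : peer;
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        if (!(rq instanceof HttpServletRequest)) { chain.doFilter(rq, rs); return; }
        HttpServletRequest req = (HttpServletRequest) rq;
        String xff = null;
        Enumeration<?> e = req.getHeaders("X-Forwarded-For");
        while (e != null && e.hasMoreElements())
            xff = (String) e.nextElement();      // keep the last header line
        final String client = resolveClient(req.getRemoteAddr(), xff, trustedProxies);
        // Downstream servlets and authentication code see the resolved address.
        chain.doFilter(new HttpServletRequestWrapper(req) {
            @Override public String getRemoteAddr() { return client; }
            @Override public String getRemoteHost() { return client; }
        }, rs);
    }

    public void destroy() { }
}
```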

Re: getRemoteAddr() - APACHE as proxy !! HMMMMM

2001-06-07 Thread Eddie

Daniel,

Thanks for your solution... it almost works... ;)

I installed the module and indeed I do get the X-FORWARDED-FOR name as
header with the client's ip address.
---
HEADER NAME: X-FORWARDED-FOR
HEADER value: 10.0.0.62


I only have a problem using a perl handler to replace the ip address that java
reads (in the header) with the above header (Until now I only did simple
things with mod_perl).

I tried it like the example in the source code of the mod_proxy_add_forward
suggested: including a subroutine in the startup.pl script and calling it
with a PerlPostReadRequestHandler..
However this doesn't work. I tried some other stuff but... no luck..
Can you tell me how you did this ?? what did you put in your httpd.conf ?,
what script did you use ? and where did you put it ?

Thanks,
Eddie




- Original Message -
From: Daniel López <[EMAIL PROTECTED]>
To: Orion-Interest <[EMAIL PROTECTED]>
Sent: Wednesday, June 06, 2001 7:49 AM
Subject: Re: getRemoteAddr() - APACHE as proxy !!


> Well,
>
> I have some partially good news: There is a way around that using
> Apache. I'm also using it as a proxy, to concentrate all the services on
> the standard HTTP port while keeping different Orion instances running,
> and as some of our security requirements take into account the IP from
> the client, I ran into the same problem. I queried the mod_proxy
> list and I got a patch that includes, as an extra HTTP header, the
> client original IP. This solves the problem for our own custom
> authentication, as we check first if this header is available or not, if
> it is, then we check the IP against this value.
> The problem here would be if you use some authentication mechanism that
> you cannot modify so it checks for this extra header.
> Here it is, the URL I was given and from where you can download the
> patch: http://develooper.com/code/mpaf/
> I hope this helps,
> D.
>
>
> elephantwalker wrote:
> >
> > Andre,
> >
> > Sorry, but the loadbalancer.jar has the same problem. For example, the
> > access logs for the various orion servers only report the ip of the
> > loadbalancer...not very interesting.
> >
> > Regards,
> >
> > the elephantwalker
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Andre Vanha
> > Sent: Tuesday, June 05, 2001 12:55 PM
> > To: Orion-Interest
> > Subject: RE: getRemoteAddr() - APACHE as proxy !!
> >
> > I've run into the same problem.  I don't think there is any way around
> > this, since the Apache module is a simple proxy.
> > It would be necessary to improve the Apache plugin to send some extra
> > headers, and then have orion interpret them.
> > However without an open API through which to construct the HTTP requests
> > coming into orion, you would have to interpret these headers in your own
> > code.
> >
> > One possible avenue is Orion's load balancer.  I haven't had a chance to
> > test it, but does it suffer from the same problem?
> > It may already have an API that allows it to pass through the original
> > IP address (and other info) to the actual server, which could be
> > emulated by a web server plugin.
> >
> > Andre
> >
> > -Original Message-
> > From: Eddie [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, June 05, 2001 10:30 AM
> > To: Orion-Interest
> > Subject: Re: getRemoteAddr() - APACHE as proxy !!
> >
> > OK,
> > In the meantime I found out what is wrong:
> > I am using apache as a proxy server, and therefore I do get the IP
> > address of the server.
> > How can I overcome this ?? Such that getRemoteAddr() does return the
> > client's IP address in my servlets.
> >
> > Eddie
> >
> > - Original Message -
> > From: Eddie 
> > To: Orion-Interest 
> > Sent: Tuesday, June 05, 2001 2:12 PM
> > Subject: getRemoteAddr()
> >
> > Hellu there,
> >
> > If I use getRemoteAddr() to get the IP address of the client that makes
> > the servlet requests, it returns the IP address of the server ?? (also
> > getRemoteHost() returns the server name).
> >
> > Any idea how come ??
> > I am running jdk 1.3 and the servlets run on the application server
> > Orion 1.5.1
> > (OS: Linux redhat 7.0)
> >
> > (I can remember that a JSP on JSERv on apache didn't have this problem,
> > so I guess it's Orion .. not ??)
> >
> > Eddie
>
>