Re: [users@httpd] mod_proxy / mod_rewrite: Passing remote IP address to internal server
Have you tried looking at the X-Forwarded-For header? (Appears in CGI scripts as HTTP_X_FORWARDED_FOR) This is passed automatically by mod_proxy, as far as I know. yes I know this but all the scripts of my customers are looking for REMOTE_ADDR etc. So how can I forward this to my internal servers behind the proxy server? Werner, (You're probably not going to like this answer - all I can say is that I'm sorry, I'm not an Apache developer and I'm not a mod_rewrite guru. Nor do I manage more than about fifty users with CGI web pages, and our attitude to them is very much 'if it breaks, fix it yourself'.) From what I understand of CGI, it is difficult do this. The REMOTE_ADDR variable is set on the receiving (internal) server - you'll have to override it from there. You might want to examine: - mod_rewrite on the internal servers - I don't know enough about mod_rewrite to be able to tell you if (and how) it can change local CGI variables. - writing some evil wrapper that rearranges - for example, replacing your PERL/Python/whatever executables with a shell script that tests for the presence of X_FORWARDED_FOR and replaces REMOTE_ADDR with its contents. Be careful with this - X_FORWARDED_FOR does -not- have the same semantics as REMOTE_ADDR (see what happens when you pass through two proxy servers, for example). - sed s/REMOTE_ADDR/HTTP_X_FORWARDED_FOR/g and warning your customers! There are bucketloads of examples for detecting and fixing proxy headers Have a look at the nearest thing to a CGI standard at http://cgi-spec.golux.com/draft-coar-cgi-v11-03-clean.html for more information on CGI variables. The second option above is what someone like me would do :-) (we have no qualms about 'evil hacks' here - our version of suexec has to be patched every time we upgrade Apache, to give just one example). Best of luck, David Adam [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] mod_deflate w/reverse proxy
Serge, On Tue, 14 Jun 2005, Serge Knystautas wrote: I'm having trouble using mod_deflate to compress content that is going through my reverse proxy using apache 2.0.46. All requests go to a default virtual host, and then I use RewriteConf/RewriteRule [P] to carve off certain hostnames to reverse proxy to another webserver. We use this approach for testing, so normally everyone sees the regular set of files, but before deploying I can setup special hostnames to see a newer site version. snip config and examples Beyond instantly telling me how to fix this, I'm mainly hoping for suggestions to diagnose why the filter would not get applied to the proxy requests. Thanks in advance. I ran into a similar problem with mod_gzip on 1.3. I found that the 'mod_gzip_item_include handler proxy-server' configuration directive fixed this - there might be something similar for mod_deflate. Cheers, David Adam [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] Unescaping proxied URLs (httpd 1.3)
Hi everyone, We're running Apache HTTPD 1.3.33 on a Debian-stable server (although we do have a server on 2.0.54 if that will make things easier), and I'm attempting to set up a reverse proxy but keep running into trouble with URL escapes. A server on a nearby subnet is causing big problems for users on dialup because it returns massive pages (250+ Kb), and several clients keep timing out. It's not an Apache server, and I've been led to believe that most of the code for it was written in 1998. In order to alleviate this, I'm trying to set up a reverse proxy with mod_gzip to compress the large pages down to a more manageable size (initial tests indicate that they can be reduced by as much as 70%). However, I'm running into a problem: the target server is broken in several ways, one of which is not handling escaped URLs. When you log in, you get dumped into a /server/~username/ directory, which Apache appears to be calling as /server/%7Eusername/ - this returns the target server's idea of a 404 (There is nothing to see at this location.). I've looked at mod_rewrite's unescape function, but I'm afraid I really don't understand how it works. Short of hacking the source and commenting out all the unescaping functions, is there a way to get Apache to proxy the requests verbatim? The relevant parts of my httpd.conf are below. Thanks for any assistance, David Adam [EMAIL PROTECTED] --- VirtualHost fish.ucc.asn.au # [DAA] zanchey@ owns this block of code. If it's still here in 2006, # bug him about it. ServerName fish.ucc.asn.au ServerAlias fish.ucc.gu.uwa.edu.au ProxyPass / http://www.target.edu.au/ ProxyPassReverse / http://www.target.edu.au/ IfModule mod_gzip.c mod_gzip_on Yes mod_gzip_can_negotiate Yes mod_gzip_add_header_count Yes mod_gzip_minimum_file_size 400 mod_gzip_maximum_file_size 0 mod_gzip_temp_dir /tmp mod_gzip_keep_workfiles No mod_gzip_maximum_inmem_size 10 mod_gzip_dechunk Yes mod_gzip_item_include mime ^text/* mod_gzip_item_include mime httpd/unix-directory mod_gzip_item_include file \.htm$ mod_gzip_item_include file \.html$ mod_gzip_item_include handler proxy-server mod_gzip_item_include handler cgi-script mod_gzip_item_exclude rspheader Content-Type:image/* mod_gzip_item_exclude mime text/css mod_gzip_item_exclude file \.css$ mod_gzip_item_exclude file \.js$ mod_gzip_command_version '/mod_gzip_status' /IfModule /VirtualHost - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]